You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
NPM installs modules without critical vulnerabilities
Current behaviour
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating gulp-webserver to 0.5.0,which is a SemVer major change.
npm WARN audit Updating gulp to 4.0.2,which is a SemVer major change.
npm WARN deprecated [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated [email protected]: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
A summary of the critical issues.
Run npm audit for details.
angulardata % npm audit
debug <=2.6.8 || 3.0.0 - 3.0.1
Regular Expression Denial of Service - https://npmjs.com/advisories/534
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/tiny-lr/node_modules/debug
The text was updated successfully, but these errors were encountered:
Issue Overview
When running 'npm install' 15 vulnerabilities (1 low, 12 high, 2 critical) show up.
Is this simply a case of updating some of the
To be entirely honest I don't know if this is an issue or I am missing something.
Describe your environment
npm --version
7.0.10
node --version
v12.18.3
Steps to reproduce
Change directory to desktop:
Git clone https://github.com/planetoftheweb/angulardata.git
Change directory to 'angulardata'.
Run npm install
Expected behaviour
NPM installs modules without critical vulnerabilities
Current behaviour
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating gulp-webserver to 0.5.0,which is a SemVer major change.
npm WARN audit Updating gulp to 4.0.2,which is a SemVer major change.
npm WARN deprecated [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated [email protected]: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
A summary of the critical issues.
Run
npm audit
for details.angulardata % npm audit
npm audit report
Severity: critical
Command Injection - https://npmjs.com/advisories/663
fix available via
npm audit fix --force
Will install [email protected], which is a breaking change
debug <=2.6.8 || 3.0.0 - 3.0.1
Regular Expression Denial of Service - https://npmjs.com/advisories/534
fix available via
npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/tiny-lr/node_modules/debug
The text was updated successfully, but these errors were encountered: