npm install inside git source tree generates error warnings

[federerfanatic]

Describe the issue

OS: $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 22.04.2 LTS Release: 22.04 Codename: jammy

$ npm --version 9.5.0

APT-Sources: https://deb.nodesource.com/node_19.x jammy/main amd64 Packages

$ npm audit fix --force npm WARN using --force Recommended protections disabled. npm WARN audit Updating vue-svg-loader to 0.10.0, which is a SemVer major change.

removed 1 package, changed 1 package, and audited 817 packages in 3s

64 packages are looking for funding run npm fund for details

npm audit report

nth-check <2.0.1 Severity: high Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr fix available via npm audit fix --force Will install vue-svg-loader@0.16.0, which is a breaking change node_modules/nth-check css-select <=3.1.0 Depends on vulnerable versions of nth-check node_modules/css-select svgo 1.0.0 - 1.3.2 Depends on vulnerable versions of css-select node_modules/svgo vue-svg-loader 0.5.0 - 0.10.0 || >=0.17.0-beta.0 Depends on vulnerable versions of svgo node_modules/vue-svg-loader

4 high severity vulnerabilities

Browser

Edge

Browser Version

ii microsoft-edge-dev 111.0.1652.0-1 amd64

Extension Version

6 . 3.3

[Sneezry]

Is that a CVE warning or a build error? Can you build the project successfully?

[federerfanatic]

$ npm run dev:chrome

authenticator-extension@0.1.0 dev:chrome npm run pretest && webpack --config ./webpack.watch.js

authenticator-extension@0.1.0 pretest bash scripts/build.sh test

Removing old build files... Checking style... stderr_npm_run_dev_chrome.gz stderr_npm_run_dev_chrome.gz

Warning: Missing info in credentials.ts Compiling...

stderr generates a bunch of code, see .gz file

[federerfanatic]

Note the extension works fine as installed from Microsoft Store.