BCNetio / BlockStackWallet

Dappy – Blockstack & ShapeShift Signature Bounty Universal Wallet
https://dappywallet.com
MIT License
30 stars 12 forks

build notes: npm install vulnerabilities #3

Open i5hi opened 6 years ago

i5hi commented 6 years ago

additional note: when running npm install: the process ends as follows:

(node:9103) MaxListenersExceededWarning: Possible EventEmitter memory leak detected. 11 SIGINT listeners added. Use emitter.setMaxListeners() to increase limit
Use styled-components at work? Consider supporting our development efforts at opencollective.com/styled-components
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN stylelint-webpack-plugin@0.10.5 requires a peer of stylelint@^8.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN ajv-keywords@3.2.0 requires a peer of ajv@^6.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN ajv-errors@1.0.0 requires a peer of ajv@>=5.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN bcnet.io@1.0.0 No repository field.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.4 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

added 2266 packages from 1141 contributors and audited 123025 packages in 103.536s
found 5 vulnerabilities (3 low, 2 high)
run npm audit fix to fix them, or npm audit for details


correcting this requires npm audit fix --force.

npm audit reports the following:

=== npm audit security report ===

Run npm install --save-dev fbjs-scripts@1.0.1 to resolve 5 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change

Low Prototype Pollution

Package lodash

Dependency of fbjs-scripts [dev]

Path fbjs-scripts > babel > babel-core > babel-plugin-proto-to-assign > lodash

More info https://nodesecurity.io/advisories/577

Low Prototype Pollution

Package lodash

Dependency of fbjs-scripts [dev]

Path fbjs-scripts > babel > babel-core > lodash

More info https://nodesecurity.io/advisories/577

Low Prototype Pollution

Package lodash

Dependency of fbjs-scripts [dev]

Path fbjs-scripts > babel > lodash

More info https://nodesecurity.io/advisories/577


High Regular Expression Denial of Service

Package minimatch

Dependency of fbjs-scripts [dev]

Path fbjs-scripts > babel > babel-core > minimatch

More info https://nodesecurity.io/advisories/118

High Regular Expression Denial of Service

Package minimatch

Dependency of fbjs-scripts [dev]

Path fbjs-scripts > babel > glob > minimatch

More info https://nodesecurity.io/advisories/118

i5hi commented 6 years ago

node v10.9.0 npm v.6.2.0

builat commented 6 years ago

@Laziemo Hello again :) Our team knows about this. And we will fix this warnings list in the next refactoring session. Also, thanks for your activity!

i5hi commented 6 years ago

Cheers @builat ! Playing around with the interface right now. Amazing work!!

builat commented 6 years ago

@Laziemo Thank you very much! Our team is very pleased with your assessment!