ExpediaGroup / cyclotron

A web platform for constructing dashboards.
https://www.cyclotron.io/
MIT License
1.56k stars 112 forks

Dependency of event-stream@3.3.6 causes failure #37

Closed eercanayar closed 5 years ago

eercanayar commented 5 years ago

cyclotron-site/package.json requires event-stream@3.3.6 indirectly, and this package is suspended because of a security vulnerability. You can have a look at the npm blog. How can we solve this dependency problem? It causes a failure when npm install is run.

MacBook-Pro:cyclotron-site $ sudo npm install
npm ERR! code E404
npm ERR! 404 Not Found: event-stream@3.3.6

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/***/.npm/_logs/2018-12-10T12_27_08_401Z-debug.log

pratiks commented 5 years ago

This was the package that made news a while back that had the security vulnerability; it was removed from npm. It has since been fixed.

See here: https://github.com/dominictarr/event-stream/issues/116.

Removing the package-lock.json and running npm install will update your dependencies with the new version.

pratiks commented 5 years ago

@baumandm - I can submit a PR. Would you prefer an update to only the single dependency?

baumandm commented 5 years ago

That would be great! Probably safer to include the entire package-lock.json.
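
One way to check a lockfile for the pin discussed in this thread, before and after regenerating it. This is an added example, not code from the cyclotron project or from any commenter; `example-task-runner` and the sample lockfile are constructed, since the thread does not name the package that pulls in event-stream.

```javascript
// Added example: find every place a lockfile pins name@version and which
// locked packages ask for it. Takes the parsed JSON of package-lock.json.
function findPins(lock, name, version) {
  const pins = [];      // install locations where name@version is locked
  const requirers = []; // locked packages that declare a dependency on name

  // lockfileVersion 1: nested "dependencies" tree, edges listed in "requires".
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = trail.concat(dep);
      if (dep === name && meta.version === version) pins.push(here.join(' > '));
      if (meta.requires && name in meta.requires) {
        requirers.push(`${dep}@${meta.version} requires ${name}@${meta.requires[name]}`);
      }
      walk(meta.dependencies, here);
    }
  };

  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path ("" is the root).
    for (const [path, meta] of Object.entries(lock.packages)) {
      const pkg = path.split('node_modules/').pop() || '(root)';
      if (pkg === name && meta.version === version) pins.push(path);
      const range = (meta.dependencies || {})[name];
      if (range) requirers.push(`${pkg}@${meta.version} requires ${name}@${range}`);
    }
  } else {
    walk(lock.dependencies, []);
  }
  return { pins, requirers };
}

// Constructed sample lockfile; "example-task-runner" is a hypothetical package.
const sampleLock = {
  name: 'example-site', version: '1.0.0', lockfileVersion: 1,
  dependencies: {
    'example-task-runner': {
      version: '2.0.0',
      requires: { 'event-stream': '~3.3.0' },
      dependencies: { 'event-stream': { version: '3.3.6', requires: { through: '~2.3.1' } } },
    },
    through: { version: '2.3.8' },
  },
};

const report = findPins(sampleLock, 'event-stream', '3.3.6');
console.log(report.pins.length ? 'still pinned:' : 'clean:', report);
```

Run it on the parsed lockfile before deleting it to see which dependency requests the removed version, and again on the regenerated file; an empty `pins` list means the lockfile no longer asks npm for that version.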