Ride-The-Lightning / RTL

Ride The Lightning - A full function web browser app for LND, C-Lightning and Eclair
MIT License

NPM install fails with severity vulnerabilities - No fix available #1351

Closed Boondocker4 closed 4 months ago

Boondocker4 commented 4 months ago

Describe the bug
When I try to install RTL using npm, I get several severity vulnerabilities that are unable to be fixed. The result is that the RTL installation fails.

To Reproduce
Steps to reproduce the behavior:
Install nodejs using:
curl -fsSL https://deb.nodesource.com/setup_21.x | sudo -E bash - &&\
sudo apt-get install -y nodejs

wget https://github.com/Ride-The-Lightning/RTL/archive/refs/tags/v0.14.1.tar.gz
tar -xvf v0.14.1.tar.gz
cd RTL-0.14.1
npm install --omit=dev --legacy-peer-deps

Screenshots
satoshi@nodebox:~/RTL$ npm install --omit=dev --legacy-peer-deps
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.

changed 1 package, and audited 390 packages in 2s

27 packages are looking for funding
run npm fund for details

2 moderate severity vulnerabilities

Some issues need review, and may require choosing a different dependency.

Run npm audit for details.

satoshi@nodebox:~/RTL$ npm audit --omit=dev --legacy-peer-deps

npm audit report

request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request

tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/request/node_modules/tough-cookie

2 moderate severity vulnerabilities

Some issues need review, and may require choosing a different dependency.

Your environment

I had a previous version of RTL (0.14.0-beta) running for over 6 months. I tried to update to the latest version and I screwed something up. I have tried uninstalling nodejs and npm several times using the uninstall tool. Nodejs and npm install with no issues. The installation of RTL will not execute without errors and I don't know how to fix the errors.

I did create a .npm-global directory in my home directory.
I also ran npm config set prefix '~/.npm-global', then added "export PATH=~/.npm-global/bin:$PATH" to the .profile file, and ran source .profile to put the changes into effect. This was all working for many months. ONLY when I went to update RTL and screwed things up did these problems start.

saubyk commented 4 months ago

Hi @Boondocker4 what's the version of nodejs and npm on your device?

Updating both of these to the latest stable version should help resolve the issue.

Boondocker4 commented 4 months ago

Hi saubyk,
node -v: v21.6.1
npm -v: 10.4.0

Boondocker4 commented 4 months ago

I tried a different version of node (20.11.0), which is the LTS version and comes with npm (10.2.4). Same issues. Here is a screenshot of the 1st initial attempt to install.
satoshi@nodebox:~/RTL$ npm install --omit=dev --legacy-peer-deps
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated csurf@1.11.0: Please use another csrf package
npm WARN deprecated sourcemap-codec@1.4.8: Please use @jridgewell/sourcemap-codec instead
npm WARN deprecated request-promise@4.2.6: request-promise has been deprecated because it extends the now deprecated

I upgraded npm to 10.4.0 as the system told me there was an update available.
Attempted to install again by running npm install --omit=dev --legacy-peer-deps; below is a screenshot of the result...

satoshi@nodebox:~/RTL$ npm install --omit=dev --legacy-peer-deps
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.

changed 1 package, and audited 393 packages in 3s

28 packages are looking for funding
run npm fund for details

2 moderate severity vulnerabilities

Some issues need review, and may require choosing a different dependency.

When I run the audit I am left with the same 2 issues as I posted at the beginning of this thread:

request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request

tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/request/node_modules/tough-cookie

2 moderate severity vulnerabilities

saubyk commented 4 months ago

So you should try to run without the legacy-peer-deps flag.

Also, it appears to me that you're able to complete the install, but vulnerabilities still remain? If that's the case, please note that you won't be able to address all the vulnerabilities on your own via audit actions.

Boondocker4 commented 4 months ago

Thank you for your quick reply and your assistance. I tried to run without the legacy-peer-deps flag.
I am unable to complete the install and vulnerabilities remain. It attempts to build but won't complete as there are vulnerabilities.
I am unable to address all the vulnerabilities on my own via the audit actions. The command npm audit --omit=dev --legacy-peer-deps displays the same errors as listed above:

request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request

tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/request/node_modules/tough-cookie

saubyk commented 4 months ago

> I am unable to complete the install and vulnerabilities remain. It attempts to build but won't complete as there are vulnerabilities.

So, even if vulnerabilities remain it doesn't mean that install is not complete. Please try running RTL, it will work.

Like I said earlier, you will not be able to fix all the vulnerabilities on your own. Some of them require fixes from us and some may even still remain because fixes can be pending in libraries that we are depending on.

TLDR, you should be able to run RTL, even if a few unaddressed vulnerabilities remain.
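To make the maintainer's point concrete, the following added example (not RTL code, not part of the original thread) triages the JSON that `npm audit --json` emits: it separates advisories that apply to a package directly from ones it only inherits through another vulnerable dependency (here `tough-cookie` pulled in by `request`), records whether npm can fix each one, and applies a policy that blocks only on fixable findings at or above a chosen severity. The `SAMPLE_AUDIT` object is constructed to mirror the two findings from this thread; the `triage`, `shouldBlock` and `LEVEL` names are this example's own.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2).
// Package names, severities, ranges and advisory URLs come from the thread;
// the remaining fields are illustrative.
const SAMPLE_AUDIT = {
  auditReportVersion: 2,
  vulnerabilities: {
    request: {
      name: "request", severity: "moderate", isDirect: false,
      via: [
        { title: "Server-Side Request Forgery in Request",
          url: "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          severity: "moderate", range: "*" },
        "tough-cookie", // a plain string = inherited from another vulnerable package
      ],
      effects: ["request-promise"], range: "*",
      nodes: ["node_modules/request"], fixAvailable: false,
    },
    "tough-cookie": {
      name: "tough-cookie", severity: "moderate", isDirect: false,
      via: [
        { title: "tough-cookie Prototype Pollution vulnerability",
          url: "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          severity: "moderate", range: "<4.1.3" },
      ],
      effects: ["request"], range: "<4.1.3",
      nodes: ["node_modules/request/node_modules/tough-cookie"], fixAvailable: false,
    },
  },
};

const LEVEL = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// One row per vulnerable package: its own advisories, the packages it inherits
// findings from, and whether npm offers a fix (and whether that fix is a major bump).
function triage(report) {
  return Object.values(report.vulnerabilities).map((v) => ({
    name: v.name,
    severity: v.severity,
    direct: v.isDirect === true,
    advisories: v.via.filter((x) => typeof x === "object").map((x) => x.url),
    inheritedFrom: v.via.filter((x) => typeof x === "string"),
    fixAvailable: v.fixAvailable !== false,
    fixIsBreaking: typeof v.fixAvailable === "object" && v.fixAvailable.isSemVerMajor === true,
  }));
}

// Policy gate: block only on findings at or above `failOn` that npm can fix.
// Unfixable findings (like the two above) are surfaced but do not block.
function shouldBlock(report, failOn = "high") {
  return triage(report).some((f) => LEVEL[f.severity] >= LEVEL[failOn] && f.fixAvailable);
}
```

Feeding the parsed output of `npm audit --omit=dev --json` to `triage` lists what is actually actionable; for this thread's two findings `shouldBlock` returns false at every threshold, matching the advice that RTL still runs.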

Boondocker4 commented 4 months ago

Problem solved!! I just needed to run node rtl. I didn't realize it would run even with multiple vulnerabilities. Thank you very much for your help!