Closed Berdmanfolk closed 3 years ago
Thanks @Berdmanfolk for opening this issue. Warnings are about dev dependencies and need to check them in detail. Some need an update probably. The standard installation (without build from source) goes without warnings:
npm i node-rfc
added 3 packages, and audited 3 packages in 35s
found 0 vulnerabilities
but build from source goes with warnings:
git clone https://github.com/SAP/node-rfc
cd node-rfc
npm i
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated popsicle-proxy-agent@3.0.0: Use `agent` option with `popsicle` directly
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated typings@2.1.1: Typings is deprecated in favor of NPM @types -- see README for more information
> node-rfc@2.4.0 preinstall
> npm install cmake-js prebuild-install prebuild node-addon-api
up to date, audited 1103 packages in 3s
48 packages are looking for funding
run `npm fund` for details
5 high severity vulnerabilities
npm audit
# npm audit report
http-proxy-agent <=2.0.0
Severity: high
Denial of Service - https://npmjs.com/advisories/607
fix available via `npm audit fix --force`
Will install typings@0.6.10, which is a breaking change
node_modules/http-proxy-agent
popsicle-proxy-agent *
Depends on vulnerable versions of http-proxy-agent
node_modules/popsicle-proxy-agent
typings-core *
Depends on vulnerable versions of popsicle-proxy-agent
node_modules/typings-core
typings >=0.7.0
Depends on vulnerable versions of typings-core
node_modules/typings
https-proxy-agent <=2.2.2
Severity: high
Machine-In-The-Middle - https://npmjs.com/advisories/1184
Denial of Service - https://npmjs.com/advisories/593
fix available via `npm audit fix`
The removal of typings
dev dependency fixed audit issues. The patch will be shipped in next release.
Hello! I try to compile from source, but to get the error:
And can't to find the solution. Can you please explain what is the error?