WickyNilliams / headroom.js

Give your pages some headroom. Hide your header until you need it
https://wicky.nillia.ms/headroom.js/
MIT License
10.86k stars, 824 forks

npm warns of 8 vulnerabilities when installing #362

Closed prtksxna closed 4 years ago

prtksxna commented 4 years ago

▶ npm install headroom.js --save
+ headroom.js@0.11.0
added 1 package from 1 contributor and audited 240 packages in 3.288s
found 8 vulnerabilities (1 moderate, 7 high)
  run `npm audit fix` to fix them, or `npm audit` for details

WickyNilliams commented 4 years ago

Hmm.. that's strange since this library doesn't have any dependencies (apart from stuff for dev). They shouldn't even be installed if you're installing as a dependency yourself! Npm being a bit overzealous perhaps.

In any case, I'll look to fix. Thanks for reporting.

WickyNilliams commented 4 years ago

Hmmm... Just to be sure, could these be vulnerabilities in other packages you've installed? What does it say if you run npm audit?

WickyNilliams commented 4 years ago

$ npm install headroom.js --save

+ headroom.js@0.11.0
added 1 package from 1 contributor and audited 1 package in 1.24s
found 0 vulnerabilities

Just did a fresh install locally. No vulnerabilities reported.

I think this has been misattributed. Closing.
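The attribution question raised in this thread, as an added example that is not part of the original thread or the headroom.js project: the audit summary covers every package in the project's tree, so this sketch groups findings by the direct dependency that pulls them in and checks whether a named package appears at all. It assumes the JSON shape printed by `npm audit --json` in npm 7 and later; the sample report, package names and function names are constructed.

```javascript
// Constructed sample shaped like `npm audit --json` output from npm 7 or later.
// Package names and advisories are made up for illustration.
const sampleReport = {
  vulnerabilities: {
    "example-bundler": { severity: "high", isDirect: true, via: ["example-glob"], effects: [] },
    "example-glob": { severity: "high", isDirect: false,
      via: [{ title: "constructed advisory" }], effects: ["example-bundler"] },
    "example-template": { severity: "moderate", isDirect: true,
      via: [{ title: "constructed advisory" }], effects: [] },
  },
};

// Follow "effects" (the dependents of a vulnerable package) up to direct dependencies.
function directRoots(vulns, name, seen = new Set()) {
  if (seen.has(name)) return []; // guard against dependency cycles
  seen.add(name);
  const entry = vulns[name];
  if (!entry) return [];
  const roots = entry.isDirect ? [name] : [];
  for (const parent of entry.effects || []) {
    roots.push(...directRoots(vulns, parent, seen));
  }
  return roots;
}

// Group packages that carry an advisory by the direct dependency that surfaces them.
function attributeFindings(report) {
  const vulns = report.vulnerabilities || {};
  const byRoot = {};
  for (const [name, entry] of Object.entries(vulns)) {
    // Object entries in "via" are advisories; strings only name another affected package.
    const hasAdvisory = (entry.via || []).some((v) => typeof v === "object");
    if (!hasAdvisory) continue;
    for (const root of directRoots(vulns, name)) {
      (byRoot[root] = byRoot[root] || []).push({ package: name, severity: entry.severity });
    }
  }
  return byRoot;
}

// A package is implicated only if it appears in the report, directly or as a dependent.
function isImplicated(report, packageName) {
  return Object.prototype.hasOwnProperty.call(report.vulnerabilities || {}, packageName);
}

console.log(attributeFindings(sampleReport), isImplicated(sampleReport, "headroom.js"));
```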