halfnelson / svelte-native

Svelte controlling native components via Nativescript
MIT License

Insecure dependencies #292

Open craig-sparks opened 2 years ago

craig-sparks commented 2 years ago

Just went to install this to use it for a prototype, but when installing I see several deprecated versions that reference security issues.

npm WARN deprecated xmldom@0.3.0: Deprecated due to CVE-2021-21366 resolved in 0.5.0
npm WARN deprecated socks@1.1.10: If using 2.x branch, please upgrade to at least 2.1.6 to avoid a serious bug with socket data flow and an import issue introduced in 2.1.0
npm WARN deprecated axios@0.18.0: Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410

Is this project dead? There were others, but those seemed to be the worst of the bunch.

halfnelson commented 2 years ago

Not sure where those dependencies are from.

A clean checkout of svelte-native gives 0 vulnerabilities in the svelte-native package when running npm audit. The "demo" app/test project has a couple, but these are in sub-dependencies of postcss and karma, which are dev-time/test-time dependencies. I couldn't find any of the packages listed.

Could you give me more info on how you produced these warnings?
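The question above (which direct dependency pulls in a flagged package, and whether that path is dev-time only) can be answered from package-lock.json without re-running the install. This is an added example for this thread, not code from svelte-native; it assumes a lockfileVersion 1 lock (npm's "dependencies" tree with "requires" edges and the "dev": true flag) and uses a constructed sample lock that mirrors the warnings quoted in the issue.

```python
"""Trace how a flagged npm package enters a lockfileVersion 1 dependency tree."""
import json


def flatten(deps, out=None):
    """Collect every entry in the lock, including nested 'dependencies' blocks."""
    out = {} if out is None else out
    for name, entry in deps.items():
        out.setdefault(name, entry)  # keep the hoisted copy when a name repeats
        flatten(entry.get("dependencies", {}), out)
    return out


def trace(lock, target):
    """Return (chain, dev_only) for target, or (None, None) if it is not in the lock.

    chain lists name@version from a direct dependency down to target (one path,
    the first found); dev_only reflects npm's "dev": true marker on the entry.
    """
    entries = flatten(lock.get("dependencies", {}))
    if target not in entries:
        return None, None
    required_by = {}  # reverse edges: which packages require each package
    for name, entry in entries.items():
        for dep in entry.get("requires", {}):
            required_by.setdefault(dep, []).append(name)
    chain, seen, node = [target], {target}, target
    while node in required_by:  # walk upward until nobody requires us
        parent = next((p for p in required_by[node] if p not in seen), None)
        if parent is None:
            break
        seen.add(parent)
        chain.append(parent)
        node = parent
    chain.reverse()
    labelled = [f"{n}@{entries[n].get('version', '?')}" for n in chain]
    return labelled, bool(entries[target].get("dev", False))


# Constructed sample lock (not a real svelte-native lockfile).
SAMPLE_LOCK = json.loads("""{
 "lockfileVersion": 1,
 "dependencies": {
  "axios": {"version": "0.18.0", "requires": {"follow-redirects": "1.5.10"}},
  "follow-redirects": {"version": "1.5.10"},
  "karma": {"version": "6.3.0", "dev": true, "requires": {"socks": "1.1.10"}},
  "socks": {"version": "1.1.10", "dev": true},
  "postcss": {"version": "7.0.0", "dev": true}
 }
}""")

if __name__ == "__main__":
    for pkg in ("xmldom", "socks", "axios"):
        print(pkg, trace(SAMPLE_LOCK, pkg))
```

Run it against a real lock by replacing SAMPLE_LOCK with `json.load(open("package-lock.json"))`; a dev_only result means the package only matters at build/test time, which is the distinction made in the reply above.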