installation fails

[mhf-ir]

Installation faild:

sweb@sweb-laptop:/tmp$ git clone https://github.com/nodejitsu/node-http-proxy
Cloning into 'node-http-proxy'...
remote: Enumerating objects: 5786, done.
remote: Total 5786 (delta 0), reused 0 (delta 0), pack-reused 5786
Receiving objects: 100% (5786/5786), 1.30 MiB | 22.00 KiB/s, done.
Resolving deltas: 100% (2784/2784), done.
sweb@sweb-laptop:/tmp$ cd node-http-proxy/
sweb@sweb-laptop:/tmp/node-http-proxy$ ll
total 300
drwxrwxr-x  8 sweb sweb   4096 May 20 17:23 ./
drwxrwxrwt 27 root root 118784 May 20 17:24 ../
drwxrwxr-x  3 sweb sweb   4096 May 20 17:23 benchmark/
-rw-rw-r--  1 sweb sweb    156 May 20 17:23 codecov.yml
-rw-rw-r--  1 sweb sweb   3254 May 20 17:23 CODE_OF_CONDUCT.md
drwxrwxr-x  2 sweb sweb   4096 May 20 17:23 doc/
drwxrwxr-x  7 sweb sweb   4096 May 20 17:23 examples/
drwxrwxr-x  8 sweb sweb   4096 May 20 17:23 .git/
-rw-rw-r--  1 sweb sweb     96 May 20 17:23 .gitignore
-rw-rw-r--  1 sweb sweb    375 May 20 17:23 index.js
drwxrwxr-x  3 sweb sweb   4096 May 20 17:23 lib/
-rw-rw-r--  1 sweb sweb   1154 May 20 17:23 LICENSE
-rw-rw-r--  1 sweb sweb     65 May 20 17:23 .npmignore
-rw-rw-r--  1 sweb sweb    923 May 20 17:23 package.json
-rw-rw-r--  1 sweb sweb  97577 May 20 17:23 package-lock.json
-rw-rw-r--  1 sweb sweb  19413 May 20 17:23 README.md
drwxrwxr-x  3 sweb sweb   4096 May 20 17:23 test/
-rw-rw-r--  1 sweb sweb    258 May 20 17:23 .travis.yml
-rw-rw-r--  1 sweb sweb   2745 May 20 17:23 UPGRADING.md
sweb@sweb-laptop:/tmp/node-http-proxy$ npm install

> bufferutil@1.2.1 install /tmp/node-http-proxy/node_modules/bufferutil
> node-gyp rebuild

make: Entering directory '/tmp/node-http-proxy/node_modules/bufferutil/build'
  CXX(target) Release/obj.target/bufferutil/src/bufferutil.o
../src/bufferutil.cc: In static member function ‘static Nan::NAN_METHOD_RETURN_TYPE BufferUtil::Merge(Nan::NAN_METHOD_ARGS_TYPE)’:
../src/bufferutil.cc:49:49: warning: ‘v8::Local<v8::Object> v8::Value::ToObject() const’ is deprecated: Use maybe version [-Wdeprecated-declarations]
     Local<Object> bufferObj = info[0]->ToObject();
                                                 ^
In file included from ../src/bufferutil.cc:7:0:
/home/sweb/.node-gyp/10.15.3/include/node/v8.h:10046:15: note: declared here
 Local<Object> Value::ToObject() const {
               ^~~~~
../src/bufferutil.cc:56:51: warning: ‘v8::Local<v8::Object> v8::Value::ToObject() const’ is deprecated: Use maybe version [-Wdeprecated-declarations]
       Local<Object> src = array->Get(i)->ToObject();
                                                   ^
In file included from ../src/bufferutil.cc:7:0:
/home/sweb/.node-gyp/10.15.3/include/node/v8.h:10046:15: note: declared here
 Local<Object> Value::ToObject() const {
               ^~~~~
../src/bufferutil.cc: In static member function ‘static Nan::NAN_METHOD_RETURN_TYPE BufferUtil::Unmask(Nan::NAN_METHOD_ARGS_TYPE)’:
../src/bufferutil.cc:67:50: warning: ‘v8::Local<v8::Object> v8::Value::ToObject() const’ is deprecated: Use maybe version [-Wdeprecated-declarations]
     Local<Object> buffer_obj = info[0]->ToObject();
                                                  ^
In file included from ../src/bufferutil.cc:7:0:
/home/sweb/.node-gyp/10.15.3/include/node/v8.h:10046:15: note: declared here
 Local<Object> Value::ToObject() const {
               ^~~~~
../src/bufferutil.cc:69:48: warning: ‘v8::Local<v8::Object> v8::Value::ToObject() const’ is deprecated: Use maybe version [-Wdeprecated-declarations]
     Local<Object> mask_obj = info[1]->ToObject();
                                                ^
In file included from ../src/bufferutil.cc:7:0:
/home/sweb/.node-gyp/10.15.3/include/node/v8.h:10046:15: note: declared here
 Local<Object> Value::ToObject() const {
               ^~~~~
../src/bufferutil.cc: In static member function ‘static Nan::NAN_METHOD_RETURN_TYPE BufferUtil::Mask(Nan::NAN_METHOD_ARGS_TYPE)’:
../src/bufferutil.cc:88:50: warning: ‘v8::Local<v8::Object> v8::Value::ToObject() const’ is deprecated: Use maybe version [-Wdeprecated-declarations]
     Local<Object> buffer_obj = info[0]->ToObject();
                                                  ^
In file included from ../src/bufferutil.cc:7:0:
/home/sweb/.node-gyp/10.15.3/include/node/v8.h:10046:15: note: declared here
 Local<Object> Value::ToObject() const {
               ^~~~~
../src/bufferutil.cc:89:48: warning: ‘v8::Local<v8::Object> v8::Value::ToObject() const’ is deprecated: Use maybe version [-Wdeprecated-declarations]
     Local<Object> mask_obj = info[1]->ToObject();
                                                ^
In file included from ../src/bufferutil.cc:7:0:
/home/sweb/.node-gyp/10.15.3/include/node/v8.h:10046:15: note: declared here
 Local<Object> Value::ToObject() const {
               ^~~~~
../src/bufferutil.cc:91:50: warning: ‘v8::Local<v8::Object> v8::Value::ToObject() const’ is deprecated: Use maybe version [-Wdeprecated-declarations]
     Local<Object> output_obj = info[2]->ToObject();
                                                  ^
In file included from ../src/bufferutil.cc:7:0:
/home/sweb/.node-gyp/10.15.3/include/node/v8.h:10046:15: note: declared here
 Local<Object> Value::ToObject() const {
               ^~~~~
../src/bufferutil.cc:92:51: warning: ‘int32_t v8::Value::Int32Value() const’ is deprecated: Use maybe version [-Wdeprecated-declarations]
     unsigned int dataOffset = info[3]->Int32Value();
                                                   ^
In file included from /home/sweb/.node-gyp/10.15.3/include/node/v8.h:26:0,
                 from ../src/bufferutil.cc:7:
/home/sweb/.node-gyp/10.15.3/include/node/v8.h:2478:46: note: declared here
   V8_DEPRECATED("Use maybe version", int32_t Int32Value() const);
                                              ^
/home/sweb/.node-gyp/10.15.3/include/node/v8config.h:324:3: note: in definition of macro ‘V8_DEPRECATED’
   declarator __attribute__((deprecated(message)))
   ^~~~~~~~~~
../src/bufferutil.cc:93:47: warning: ‘int32_t v8::Value::Int32Value() const’ is deprecated: Use maybe version [-Wdeprecated-declarations]
     unsigned int length = info[4]->Int32Value();
                                               ^
In file included from /home/sweb/.node-gyp/10.15.3/include/node/v8.h:26:0,
                 from ../src/bufferutil.cc:7:
/home/sweb/.node-gyp/10.15.3/include/node/v8.h:2478:46: note: declared here
   V8_DEPRECATED("Use maybe version", int32_t Int32Value() const);
                                              ^
/home/sweb/.node-gyp/10.15.3/include/node/v8config.h:324:3: note: in definition of macro ‘V8_DEPRECATED’
   declarator __attribute__((deprecated(message)))
   ^~~~~~~~~~
../src/bufferutil.cc:102:39: warning: this statement may fall through [-Wimplicit-fallthrough=]
       case 3: *((unsigned char*)to+2) = *((unsigned char*)from+2) ^ *((unsigned char*)mask+2);
               ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/bufferutil.cc:103:7: note: here
       case 2: *((unsigned char*)to+1) = *((unsigned char*)from+1) ^ *((unsigned char*)mask+1);
       ^~~~
../src/bufferutil.cc:103:39: warning: this statement may fall through [-Wimplicit-fallthrough=]
       case 2: *((unsigned char*)to+1) = *((unsigned char*)from+1) ^ *((unsigned char*)mask+1);
               ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/bufferutil.cc:104:7: note: here
       case 1: *((unsigned char*)to  ) = *((unsigned char*)from  ) ^ *((unsigned char*)mask);
       ^~~~
../src/bufferutil.cc: In static member function ‘static Nan::NAN_METHOD_RETURN_TYPE BufferUtil::Unmask(Nan::NAN_METHOD_ARGS_TYPE)’:
../src/bufferutil.cc:77:41: warning: this statement may fall through [-Wimplicit-fallthrough=]
       case 3: *((unsigned char*)from+2) = *((unsigned char*)from+2) ^ ((unsigned char*)mask)[2];
               ~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/bufferutil.cc:78:7: note: here
       case 2: *((unsigned char*)from+1) = *((unsigned char*)from+1) ^ ((unsigned char*)mask)[1];
       ^~~~
../src/bufferutil.cc:78:41: warning: this statement may fall through [-Wimplicit-fallthrough=]
       case 2: *((unsigned char*)from+1) = *((unsigned char*)from+1) ^ ((unsigned char*)mask)[1];
               ~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/bufferutil.cc:79:7: note: here
       case 1: *((unsigned char*)from  ) = *((unsigned char*)from  ) ^ ((unsigned char*)mask)[0];
       ^~~~
  SOLINK_MODULE(target) Release/obj.target/bufferutil.node
  COPY Release/bufferutil.node
make: Leaving directory '/tmp/node-http-proxy/node_modules/bufferutil/build'

> utf-8-validate@1.2.2 install /tmp/node-http-proxy/node_modules/utf-8-validate
> node-gyp rebuild

make: Entering directory '/tmp/node-http-proxy/node_modules/utf-8-validate/build'
  CXX(target) Release/obj.target/validation/src/validation.o
In file included from ../node_modules/nan/nan.h:190:0,
                 from ../src/validation.cc:15:
../node_modules/nan/nan_maybe_43_inl.h: In function ‘Nan::Maybe<bool> Nan::ForceSet(v8::Local<v8::Object>, v8::Local<v8::Value>, v8::Local<v8::Value>, v8::PropertyAttribute)’:
../node_modules/nan/nan_maybe_43_inl.h:88:15: error: ‘class v8::Object’ has no member named ‘ForceSet’
   return obj->ForceSet(GetCurrentContext(), key, value, attribs);
               ^~~~~~~~
In file included from ../src/validation.cc:15:0:
../node_modules/nan/nan.h: In function ‘v8::Local<v8::Value> Nan::MakeCallback(v8::Local<v8::Object>, v8::Local<v8::Function>, int, v8::Local<v8::Value>*)’:
../node_modules/nan/nan.h:817:60: warning: ‘v8::Local<v8::Value> node::MakeCallback(v8::Isolate*, v8::Local<v8::Object>, v8::Local<v8::Function>, int, v8::Local<v8::Value>*)’ is deprecated: Use MakeCallback(..., async_context) [-Wdeprecated-declarations]
         v8::Isolate::GetCurrent(), target, func, argc, argv);
                                                            ^
In file included from ../src/validation.cc:8:0:
/home/sweb/.node-gyp/10.15.3/include/node/node.h:177:50: note: declared here
                 NODE_EXTERN v8::Local<v8::Value> MakeCallback(
                                                  ^
/home/sweb/.node-gyp/10.15.3/include/node/node.h:91:42: note: in definition of macro ‘NODE_DEPRECATED’
     __attribute__((deprecated(message))) declarator
                                          ^~~~~~~~~~
In file included from ../src/validation.cc:15:0:
../node_modules/nan/nan.h: In function ‘v8::Local<v8::Value> Nan::MakeCallback(v8::Local<v8::Object>, v8::Local<v8::String>, int, v8::Local<v8::Value>*)’:
../node_modules/nan/nan.h:831:62: warning: ‘v8::Local<v8::Value> node::MakeCallback(v8::Isolate*, v8::Local<v8::Object>, v8::Local<v8::String>, int, v8::Local<v8::Value>*)’ is deprecated: Use MakeCallback(..., async_context) [-Wdeprecated-declarations]
         v8::Isolate::GetCurrent(), target, symbol, argc, argv);
                                                              ^
In file included from ../src/validation.cc:8:0:
/home/sweb/.node-gyp/10.15.3/include/node/node.h:170:50: note: declared here
                 NODE_EXTERN v8::Local<v8::Value> MakeCallback(
                                                  ^
/home/sweb/.node-gyp/10.15.3/include/node/node.h:91:42: note: in definition of macro ‘NODE_DEPRECATED’
     __attribute__((deprecated(message))) declarator
                                          ^~~~~~~~~~
In file included from ../src/validation.cc:15:0:
../node_modules/nan/nan.h: In function ‘v8::Local<v8::Value> Nan::MakeCallback(v8::Local<v8::Object>, const char*, int, v8::Local<v8::Value>*)’:
../node_modules/nan/nan.h:845:62: warning: ‘v8::Local<v8::Value> node::MakeCallback(v8::Isolate*, v8::Local<v8::Object>, const char*, int, v8::Local<v8::Value>*)’ is deprecated: Use MakeCallback(..., async_context) [-Wdeprecated-declarations]
         v8::Isolate::GetCurrent(), target, method, argc, argv);
                                                              ^
In file included from ../src/validation.cc:8:0:
/home/sweb/.node-gyp/10.15.3/include/node/node.h:163:50: note: declared here
                 NODE_EXTERN v8::Local<v8::Value> MakeCallback(
                                                  ^
/home/sweb/.node-gyp/10.15.3/include/node/node.h:91:42: note: in definition of macro ‘NODE_DEPRECATED’
     __attribute__((deprecated(message))) declarator
                                          ^~~~~~~~~~
In file included from ../src/validation.cc:15:0:
../node_modules/nan/nan.h: In member function ‘v8::Local<v8::Value> Nan::Callback::Call_(v8::Isolate*, v8::Local<v8::Object>, int, v8::Local<v8::Value>*) const’:
../node_modules/nan/nan.h:1453:5: warning: ‘v8::Local<v8::Value> node::MakeCallback(v8::Isolate*, v8::Local<v8::Object>, v8::Local<v8::Function>, int, v8::Local<v8::Value>*)’ is deprecated: Use MakeCallback(..., async_context) [-Wdeprecated-declarations]
     ));
     ^
In file included from ../src/validation.cc:8:0:
/home/sweb/.node-gyp/10.15.3/include/node/node.h:177:50: note: declared here
                 NODE_EXTERN v8::Local<v8::Value> MakeCallback(
                                                  ^
/home/sweb/.node-gyp/10.15.3/include/node/node.h:91:42: note: in definition of macro ‘NODE_DEPRECATED’
     __attribute__((deprecated(message))) declarator
                                          ^~~~~~~~~~
../src/validation.cc: In static member function ‘static Nan::NAN_METHOD_RETURN_TYPE Validation::IsValidUTF8(Nan::NAN_METHOD_ARGS_TYPE)’:
../src/validation.cc:131:50: warning: ‘v8::Local<v8::Object> v8::Value::ToObject() const’ is deprecated: Use maybe version [-Wdeprecated-declarations]
     Local<Object> buffer_obj = info[0]->ToObject();
                                                  ^
In file included from ../src/validation.cc:7:0:
/home/sweb/.node-gyp/10.15.3/include/node/v8.h:10046:15: note: declared here
 Local<Object> Value::ToObject() const {
               ^~~~~
../src/validation.cc: In function ‘int is_valid_utf8(size_t, char*)’:
../src/validation.cc:81:47: warning: this statement may fall through [-Wimplicit-fallthrough=]
       case 5 : ch += (uint8_t) value[i++]; ch <<= 6;
                                            ~~~^~~~~
../src/validation.cc:82:7: note: here
       case 4 : ch += (uint8_t) value[i++]; ch <<= 6;
       ^~~~
../src/validation.cc:82:47: warning: this statement may fall through [-Wimplicit-fallthrough=]
       case 4 : ch += (uint8_t) value[i++]; ch <<= 6;
                                            ~~~^~~~~
../src/validation.cc:83:7: note: here
       case 3 : ch += (uint8_t) value[i++]; ch <<= 6;
       ^~~~
../src/validation.cc:83:47: warning: this statement may fall through [-Wimplicit-fallthrough=]
       case 3 : ch += (uint8_t) value[i++]; ch <<= 6;
                                            ~~~^~~~~
../src/validation.cc:84:7: note: here
       case 2 : ch += (uint8_t) value[i++]; ch <<= 6;
       ^~~~
../src/validation.cc:84:47: warning: this statement may fall through [-Wimplicit-fallthrough=]
       case 2 : ch += (uint8_t) value[i++]; ch <<= 6;
                                            ~~~^~~~~
../src/validation.cc:85:7: note: here
       case 1 : ch += (uint8_t) value[i++]; ch <<= 6;
       ^~~~
../src/validation.cc:85:47: warning: this statement may fall through [-Wimplicit-fallthrough=]
       case 1 : ch += (uint8_t) value[i++]; ch <<= 6;
                                            ~~~^~~~~
../src/validation.cc:86:7: note: here
       case 0 : ch += (uint8_t) value[i];
       ^~~~
../src/validation.cc: In function ‘int isLegalUTF8(const uint8_t*, int)’:
../src/validation.cc:51:13: warning: this statement may fall through [-Wimplicit-fallthrough=]
     case 4: if ((a = (*--srcptr)) < 0x80 || a > 0xBF) return 0;
             ^~
../src/validation.cc:52:5: note: here
     case 3: if ((a = (*--srcptr)) < 0x80 || a > 0xBF) return 0;
     ^~~~
../src/validation.cc:52:13: warning: this statement may fall through [-Wimplicit-fallthrough=]
     case 3: if ((a = (*--srcptr)) < 0x80 || a > 0xBF) return 0;
             ^~
../src/validation.cc:53:5: note: here
     case 2: if ((a = (*--srcptr)) < 0x80 || a > 0xBF) return 0;
     ^~~~
../src/validation.cc:59:20: warning: this statement may fall through [-Wimplicit-fallthrough=]
         case 0xF4: if (a > 0x8F) return 0;
                    ^~
../src/validation.cc:62:5: note: here
     case 1: if (*source >= 0x80 && *source < 0xC2) return 0;
     ^~~~
validation.target.mk:102: recipe for target 'Release/obj.target/validation/src/validation.o' failed
make: *** [Release/obj.target/validation/src/validation.o] Error 1
make: Leaving directory '/tmp/node-http-proxy/node_modules/utf-8-validate/build'
gyp ERR! build error 
gyp ERR! stack Error: `make` failed with exit code: 2
gyp ERR! stack     at ChildProcess.onExit (/usr/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:262:23)
gyp ERR! stack     at ChildProcess.emit (events.js:189:13)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:248:12)
gyp ERR! System Linux 4.15.0-50-generic
gyp ERR! command "/usr/bin/node" "/usr/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /tmp/node-http-proxy/node_modules/utf-8-validate
gyp ERR! node -v v10.15.3
gyp ERR! node-gyp -v v3.8.0
gyp ERR! not ok 
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: utf-8-validate@1.2.2 (node_modules/utf-8-validate):
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: utf-8-validate@1.2.2 install: `node-gyp rebuild`
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: Exit status 1

added 435 packages from 467 contributors in 14.239s
sweb@sweb-laptop:/tmp/node-http-proxy$ npm -v
6.9.0
sweb@sweb-laptop:/tmp/node-http-proxy$ nodejs -v
v10.15.3

Audit problem:

sweb@sweb-laptop:/tmp/node-http-proxy$ npm audit

                       === npm audit security report ===                        

# Run  npm install --save-dev nyc@14.1.1  to resolve 12 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nyc [dev]                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ nyc > istanbul-lib-instrument > babel-generator >            │
│               │ babel-types > lodash                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/782                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nyc [dev]                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ nyc > istanbul-lib-instrument > babel-generator > lodash     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/782                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nyc [dev]                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ nyc > istanbul-lib-instrument > babel-template >             │
│               │ babel-traverse > babel-types > lodash                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/782                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nyc [dev]                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ nyc > istanbul-lib-instrument > babel-template >             │
│               │ babel-traverse > lodash                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/782                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nyc [dev]                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ nyc > istanbul-lib-instrument > babel-template > babel-types │
│               │ > lodash                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/782                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nyc [dev]                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ nyc > istanbul-lib-instrument > babel-template > lodash      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/782                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nyc [dev]                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ nyc > istanbul-lib-instrument > babel-traverse > babel-types │
│               │ > lodash                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/782                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nyc [dev]                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ nyc > istanbul-lib-instrument > babel-traverse > lodash      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/782                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nyc [dev]                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ nyc > istanbul-lib-instrument > babel-types > lodash         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/782                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ handlebars                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nyc [dev]                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ nyc > istanbul-reports > handlebars                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/755                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ braces                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nyc [dev]                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ nyc > micromatch > braces                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/786                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Cryptographically Weak PRNG                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ randomatic                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nyc [dev]                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ nyc > micromatch > braces > expand-range > fill-range >      │
│               │ randomatic                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/157                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

# Run  npm install --save-dev mocha@6.1.4  to resolve 2 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ debug                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ mocha [dev]                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ mocha > debug                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/534                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical      │ Command Injection                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ growl                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ mocha [dev]                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ mocha > growl                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/146                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

# Run  npm install --save-dev ws@7.0.0  to resolve 3 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Denial of Service                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ws                                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ ws [dev]                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ ws                                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/550                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ DoS due to excessively large websocket message               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ws                                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ ws [dev]                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ ws                                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/120                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Remote Memory Disclosure                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ws                                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ ws [dev]                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ ws                                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/67                              │
└───────────────┴──────────────────────────────────────────────────────────────┘

# Run  npm update lodash --depth 2  to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ async [dev]                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ async > lodash                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/782                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

found 18 vulnerabilities (4 low, 10 moderate, 3 high, 1 critical) in 1550 scanned packages
  run `npm audit fix` to fix 1 of them.
  17 vulnerabilities require semver-major dependency updates.

sweb@sweb-laptop:/tmp/node-http-proxy$ git log
commit a3fe02d651d05d02d0ced377c22ae8345a2435a4 (HEAD -> master, origin/master, origin/HEAD)
Author: 任侠 <renxia@users.noreply.github.com>
Date:   Thu Jun 7 00:39:50 2018 +0800

    [examples] Restream body before proxying, support for Content-Type of application/x-www-form-urlencoded (#1264)

[mhf-ir]

Force to audit fix packages:

sweb@sweb-laptop:/tmp/node-http-proxy$ npm audit fix --force
npm WARN using --force I sure hope you know what you are doing.
+ mocha@6.1.4
+ nyc@14.1.1
+ ws@7.0.0
added 139 packages from 107 contributors, removed 307 packages, updated 13 packages and moved 45 packages in 53.056s
fixed 18 of 18 vulnerabilities in 1550 scanned packages
  3 package updates for 17 vulns involved breaking changes
  (installed due to `--force` option)

Remove node_modules

sweb@sweb-laptop:/tmp/node-http-proxy$  rm node_modules -rf
sweb@sweb-laptop:/tmp/node-http-proxy$ npm install
added 267 packages from 610 contributors and audited 770 packages in 2.515s
found 0 vulnerabilities

[mhf-ir]

Testing problems:

  6) lib/http-proxy.js
       HTTPS #createProxyServer
         HTTPS not allow SSL self signed
           should fail with error:
     Error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
      at Object.createSecureContext (_tls_common.js:113:17)
      at Server (_tls_wrap.js:870:27)
      at new Server (https.js:62:14)
      at Object.createServer (https.js:85:10)
      at Context.<anonymous> (test/lib-https-proxy-test.js:155:28)

ssl key is to small change key size of agent2.cnf to 2048 and regenerate it via open ssl.

$ cd test/fixtures
$ rm agent2-*
$ openssl genrsa -out ./agent2-key.pem 2048
$ openssl req -config agent2.cnf -new  -key agent2-key.pem -out agent2-csr.pem
$ openssl x509 -req -in agent2-csr.pem -signkey agent2-key.pem -out agent2-cert.pem
Signature ok
subject=C = US, ST = CA, L = SF, O = Joyent, OU = Node.js, CN = agent2, emailAddress = ry@tinyclouds.org
Getting Private key

Then i run test again:

sweb@sweb-laptop:/tmp/node-http-proxy$ npm run test

> http-proxy@1.17.0 test /tmp/node-http-proxy
> nyc --reporter=text --reporter=lcov npm run mocha

> http-proxy@1.17.0 mocha /tmp/node-http-proxy
> mocha test/*-test.js

  http-proxy examples
    Before testing examples
      - should have installed dependencies
    Requiring all the examples
      - should have no errors

  lib/http-proxy/common.js
    #setupOutgoing
      ✓ should setup the correct headers
      ✓ should not override agentless upgrade header
      ✓ should not override agentless connection: contains upgrade
      ✓ should override agentless connection: contains improper upgrade
      ✓ should override agentless non-upgrade header to close
      ✓ should set the agent to false if none is given
      ✓ set the port according to the protocol
      ✓ should keep the original target path in the outgoing path
      ✓ should keep the original forward path in the outgoing path
      ✓ should properly detect https/wss protocol without the colon
      ✓ should not prepend the target path to the outgoing path with prependPath = false
      ✓ should properly join paths
      ✓ should not modify the query string
      ✓ should correctly format the toProxy URL
      ✓ should not replace : to :\ when no https word before
      ✓ should not replace : to :\ when no http word before
      ✓ should pass through https client parameters
      ✓ should handle overriding the `method` of the http request
      ✓ should not pass null as last arg to #urlJoin
      when using ignorePath
        ✓ should ignore the path of the `req.url` passed in but use the target path
        ✓ and prependPath: false, it should ignore path of target and incoming request
      when using changeOrigin
        ✓ should correctly set the port to the host when it is a non-standard port using url.parse
        ✓ should correctly set the port to the host when it is a non-standard port when setting host and port manually (which ignores port)
    #setupSocket
      ✓ should setup a socket

  lib/http-proxy/passes/web.js
    #deleteLength
      ✓ should change `content-length` for DELETE requests
      ✓ should change `content-length` for OPTIONS requests
      ✓ should remove `transfer-encoding` from empty DELETE requests
    #timeout
      ✓ should set timeout on the socket
    #XHeaders
      ✓ set the correct x-forwarded-* headers

  #createProxyServer.web() using own http server
    ✓ should proxy the request using the web proxy handler
    ✓ should detect a proxyReq event and modify headers
    ✓ should proxy the request and handle error via callback
    ✓ should proxy the request and handle error via event listener
    ✓ should forward the request and handle error via event listener
    ✓ should proxy the request and handle timeout error (proxyTimeout) (105ms)
    ✓ should proxy the request and handle timeout error (108ms)
    ✓ should proxy the request and provide a proxyRes event with the request and response parameters
    ✓ should proxy the request and provide and respond to manual user response when using modifyResponse
    ✓ should proxy the request and handle changeOrigin option
    ✓ should proxy the request with the Authorization header set
(node:30863) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
    ✓ should proxy requests to multiple servers with different options

  #followRedirects
    ✓ should proxy the request follow redirects

  lib/http-proxy/passes/web-outgoing.js
    #setRedirectHostRewrite
      rewrites location host with hostRewrite
        ✓ on 201
        ✓ on 301
        ✓ on 302
        ✓ on 307
        ✓ on 308
        ✓ not on 200
        ✓ not when hostRewrite is unset
        ✓ takes precedence over autoRewrite
        ✓ not when the redirected location does not match target host
        ✓ not when the redirected location does not match target port
      rewrites location host with autoRewrite
        ✓ on 201
        ✓ on 301
        ✓ on 302
        ✓ on 307
        ✓ on 308
        ✓ not on 200
        ✓ not when autoRewrite is unset
        ✓ not when the redirected location does not match target host
        ✓ not when the redirected location does not match target port
      rewrites location protocol with protocolRewrite
        ✓ on 201
        ✓ on 301
        ✓ on 302
        ✓ on 307
        ✓ on 308
        ✓ not on 200
        ✓ not when protocolRewrite is unset
        ✓ works together with hostRewrite
        ✓ works together with autoRewrite
    #setConnection
      ✓ set the right connection with 1.0 - `close`
      ✓ set the right connection with 1.0 - req.connection
      ✓ set the right connection - req.connection
      ✓ set the right connection - `keep-alive`
      ✓ don`t set connection with 2.0 if exist
      ✓ don`t set connection with 2.0 if doesn`t exist
    #writeStatusCode
      ✓ should write status code
    #writeHeaders
      ✓ writes headers
      ✓ writes raw headers
      ✓ rewrites path
      ✓ does not rewrite path
      ✓ removes path
      ✓ does not rewrite domain
      ✓ rewrites domain
      ✓ removes domain
      ✓ rewrites headers with advanced configuration
      ✓ rewrites raw headers with advanced configuration

  lib/http-proxy/passes/ws-incoming.js
    #checkMethodAndHeader
      ✓ should drop non-GET connections
      ✓ should drop connections when no upgrade header
      ✓ should drop connections when upgrade header is different of `websocket`
      ✓ should return nothing when all is ok
    #XHeaders
      ✓ return if no forward request
      ✓ set the correct x-forwarded-* headers from req.connection
      ✓ set the correct x-forwarded-* headers from req.socket

  lib/http-proxy.js
    #createProxyServer
      - should throw without options
      ✓ should return an object otherwise
    #createProxyServer with forward options and using web-incoming passes
      ✓ should pipe the request using web-incoming#stream method
    #createProxyServer using the web-incoming passes
      ✓ should proxy sse
      ✓ should make the request on pipe and finish it
    #createProxyServer using the web-incoming passes
      ✓ should make the request, handle response and finish it
    #createProxyServer() method with error response
      ✓ should make the request and emit the error event
    #createProxyServer setting the correct timeout value
      ✓ should hang up the socket at the timeout
    #createProxyServer with xfwd option
      ✓ should not throw on empty http host header
    #createProxyServer using the ws-incoming passes
      ✓ should proxy the websockets stream
      ✓ should emit error on proxy error
      ✓ should close client socket if upstream is closed before upgrade
      ✓ should proxy a socket.io stream
      ✓ should emit open and close events when socket.io client connects and disconnects
      1) should pass all set-cookie headers to client
      2) should detect a proxyReq event and modify headers
      ✓ should forward frames with single frame payload (including on node 4.x)
      ✓ should forward continuation frames with big payload (including on node 4.x)

  lib/http-proxy.js
    HTTPS #createProxyServer
      HTTPS to HTTP
        ✓ should proxy the request en send back the response
      HTTP to HTTPS
        ✓ should proxy the request en send back the response
      HTTPS to HTTPS
        ✓ should proxy the request en send back the response
      HTTPS not allow SSL self signed
        ✓ should fail with error
      HTTPS to HTTP using own server
        ✓ should proxy the request en send back the response

  114 passing (3s)
  3 pending
  2 failing

  1) lib/http-proxy.js
       #createProxyServer using the ws-incoming passes
         should pass all set-cookie headers to client:
     Error: Timeout of 2000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (/tmp/node-http-proxy/test/lib-http-proxy-test.js)

  2) lib/http-proxy.js
       #createProxyServer using the ws-incoming passes
         should detect a proxyReq event and modify headers:
     Uncaught TypeError: Cannot read property 'headers' of undefined
      at WebSocketServer.<anonymous> (test/lib-http-proxy-test.js:566:34)
      at handleUpgrade (node_modules/ws/lib/websocket-server.js:90:18)
      at WebSocketServer.completeUpgrade (node_modules/ws/lib/websocket-server.js:321:5)
      at WebSocketServer.handleUpgrade (node_modules/ws/lib/websocket-server.js:245:10)
      at Server.upgrade (node_modules/ws/lib/websocket-server.js:89:16)
      at onParserExecuteCommon (_http_server.js:552:14)
      at onParserExecute (_http_server.js:500:3)

events.js:174
      throw er; // Unhandled 'error' event
      ^

Error: socket hang up
    at createHangUpError (_http_client.js:323:15)
    at Socket.socketOnEnd (_http_client.js:426:23)
    at Socket.emit (events.js:194:15)
    at endReadableNT (_stream_readable.js:1125:12)
    at process._tickCallback (internal/process/next_tick.js:63:19)
Emitted 'error' event at:
    at Socket.socketOnEnd (_http_client.js:426:9)
    at Socket.emit (events.js:194:15)
    at endReadableNT (_stream_readable.js:1125:12)
    at process._tickCallback (internal/process/next_tick.js:63:19)
npm ERR! code ELIFECYCLE
npm ERR! errno 2
npm ERR! http-proxy@1.17.0 mocha: `mocha test/*-test.js`
npm ERR! Exit status 2
npm ERR! 
npm ERR! Failed at the http-proxy@1.17.0 mocha script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/sweb/.npm/_logs/2019-06-02T09_06_55_081Z-debug.log
-----------------------|----------|----------|----------|----------|-------------------|
File                   |  % Stmts | % Branch |  % Funcs |  % Lines | Uncovered Line #s |
-----------------------|----------|----------|----------|----------|-------------------|
All files              |    89.02 |    81.79 |    91.53 |     91.4 |                   |
 lib                   |      100 |      100 |      100 |      100 |                   |
  http-proxy.js        |      100 |      100 |      100 |      100 |                   |
 lib/http-proxy        |    83.97 |    76.61 |    85.19 |    85.91 |                   |
  common.js            |    97.06 |    94.44 |      100 |    97.06 |            54,227 |
  index.js             |    73.86 |    51.92 |    76.47 |    76.54 |... 78,179,182,184 |
 lib/http-proxy/passes |    93.14 |     85.9 |    96.77 |    96.23 |                   |
  web-incoming.js      |    95.65 |    82.09 |      100 |    98.33 |               187 |
  web-outgoing.js      |    98.08 |    96.23 |      100 |      100 |            91,122 |
  ws-incoming.js       |    85.19 |    77.78 |    90.91 |     89.8 |  90,91,93,132,155 |
-----------------------|----------|----------|----------|----------|-------------------|
npm ERR! code ELIFECYCLE
npm ERR! errno 2
npm ERR! http-proxy@1.17.0 test: `nyc --reporter=text --reporter=lcov npm run mocha`
npm ERR! Exit status 2
npm ERR! 
npm ERR! Failed at the http-proxy@1.17.0 test script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/sweb/.npm/_logs/2019-06-02T09_06_55_239Z-debug.log

[mhf-ir]

Summery:

• Test dependency problem
• Outdated or vulnerabilities dependency
• Test not passed
• Last git/npm tag version is about one year ago.

Is project is under maintain ? Many issue not moderates not answered or etc. Also seems be many pull request is holding up.

[shirshak55]

yes project is not maintained as it has not been updated since last year :)

[mhf-ir]

is there any good alternative ? nodejs or programmable (other language)

[shirshak55]

@mhf-ir what u need depends on that :)

[mhf-ir]

@shirshak55 Build custom api proxy and stuff, good support and better maintain.

Maye this question is already asked by many developers use this packages about 1.7 millions packages depend on unmaintained repo.

Prefer nodejs. HTTP/HTTPS good enough not require WS.

[shirshak55]

use nginx as a proxy for those api proxy? Nginx support ws too.

Yea this is legacy app so many project will depend on it and seems like there is no other good choice still :) I can make a new one with promise support but cannot due to financial burden.

If u need dedicated proxy then u can try sozu but it is written in rust so it may be odd programming language to u and sozu is the best proxy i have ever seen in my entire life :)

[mhf-ir]

@shirshak55 nginx, varnish, sozu or any reverse proxy it's config base and not programmable, i prefer like this one, could be custom via script not config.

[shirshak55]

hmm any reason?

[mhf-ir]

Look this simple solution.

Sample DDOS protection like cloud flare: When system healthy everything is good but in any reason we got DDOS attack we can protect backends from bot attempts.

let ddosProtectioMode = false;

const checkDdos = () => {
  ddosProtectioMode = checkForReason();
  setTimeout(() => {
    checkDdos();
  }, 1000);
};

checkDdos();

var server = http.createServer(function(req, res) {

  if (ddosProtectioMode && !request.headers.cookie.ddos) {
    res.writeHead(302, {
      'Location': '/check_ddos_captcha_page',
    });
    res.end();
  } else {
    proxy.web(req, res, {
      target: 'http://127.0.0.1:5060'
    });
  }
});

And many much more example. Condition for path, cookies, encrypted and decrypted cookies or headers and etc.. Depend on host or any request parameters also internally check for 3rd party resource we can choose different behavior and we need scripting language for that, performance is second problem not first one.

[shirshak55]

all these can be done via nginx?

[mhf-ir]

nope

[Falieson]

I have forked this library and published a version w/ npm audit fix --force . Github here: https://github.com/TGRstack/node-http-proxy npm i -S @tgrx/http-proxy