User's who set up atom-hydra via npm link need to manually install package.json dependencies since they are no longer handled by the Atom IDE. This PR adds the npm install step to the root-level README file to improve accessibility.
Resolves: #51, #50
Also, I ran npm audit fix to remove 2 critical vulnerabilities. Here are the results.
Before audit:
❯ npm install
npm WARN deprecated dgram@1.0.1: npm is holding this package for security reasons. As it's a core Node module, we will not transfer it over to other users. You may safely remove the package from your dependencies.
added 63 packages, and audited 64 packages in 3s
6 vulnerabilities (4 moderate, 2 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
Auditing:
❯ npm audit fix
changed 6 packages, and audited 64 packages in 5s
# npm audit report
jquery <=3.4.1
Severity: moderate
Cross-Site Scripting (XSS) in jquery - https://github.com/advisories/GHSA-rmxg-73gg-4p98
XSS in jQuery as used in Drupal, Backdrop CMS, and other products - https://github.com/advisories/GHSA-6c3j-c64m-qhgq
Potential XSS vulnerability in jQuery - https://github.com/advisories/GHSA-gxr4-xjj5-5px2
Potential XSS vulnerability in jQuery - https://github.com/advisories/GHSA-jpcq-cgw6-v4j6
fix available via `npm audit fix --force`
Will install atom-message-panel@1.2.4, which is a breaking change
node_modules/jquery
space-pen >=5.1.0
Depends on vulnerable versions of jquery
node_modules/space-pen
atom-space-pen-views >=2.1.1
Depends on vulnerable versions of space-pen
node_modules/atom-space-pen-views
atom-message-panel >=1.2.5
Depends on vulnerable versions of atom-space-pen-views
node_modules/atom-message-panel
4 moderate severity vulnerabilities
Installing after:
❯ npm install
npm WARN deprecated dgram@1.0.1: npm is holding this package for security reasons. As it's a core Node module, we will not transfer it over to other users. You may safely remove the package from your dependencies.
added 63 packages, and audited 64 packages in 2s
4 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
P.S. lmk if you'd like to rebuild this plugin for VSCode or WebStorm. I'd be happy to lend a hand :)
Summary
User's who set up atom-hydra via
npm link
need to manually installpackage.json
dependencies since they are no longer handled by the Atom IDE. This PR adds thenpm install
step to the root-level README file to improve accessibility.Resolves: #51, #50
Also, I ran
npm audit fix
to remove 2 critical vulnerabilities. Here are the results. Before audit:Auditing:
Installing after:
P.S. lmk if you'd like to rebuild this plugin for VSCode or WebStorm. I'd be happy to lend a hand :)