iandotkelly / nlf

Node License Finder
MIT License

Update dependencies #50

Closed IlCallo closed 6 years ago

IlCallo commented 6 years ago

Some dependencies are really outdated and raise a warning when a package-lock containing them is loaded on GitHub. Is it possible to update them?

iandotkelly commented 6 years ago

Yeah - I'll do this today.

iandotkelly commented 6 years ago

Or at the very least in the next couple of days :)

iandotkelly commented 6 years ago

https://github.com/iandotkelly/nlf/releases/tag/2.0.1

IlCallo commented 6 years ago

[image]

Problem seems to be still here :\ Seems to be given by node-tap and expect.js/mocha dependencies

iandotkelly commented 6 years ago

What tool are you using there to display known vulnerabilities? You asked me to update dependencies, which I did to the latest at the time - short of stopping using those modules, I can't really do more.

Those modules (mocha and expect.js) are development dependencies only, and are not installed if you install using npm i nlf.

IlCallo commented 6 years ago

It's GitHub which is complaining, when I load a package-lock.json which contains them.

I just required nlf as a normal dependency and ran npm install; tomorrow I'll try removing the node_modules folder and retrying the installation from zero

iandotkelly commented 6 years ago

Ok, this is a feature of GitHub that I was not aware of. I don't seem to have these modules or vulnerabilities when I look at the equivalent page:

https://github.com/iandotkelly/nlf/network/dependencies

IlCallo commented 6 years ago

Solved, it was another package messing it up, sorry

iandotkelly commented 6 years ago

Hey, no worries - I needed to update the dependencies anyway.
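
One way to trace which direct dependency brings a flagged package into a package-lock.json, and whether it is marked dev-only, which is the question this thread ends up answering. This is an added example, not part of the original issue or of nlf's code; it assumes the lockfileVersion 1 layout (`dependencies`, `requires`, `dev`), and every package name and version in it is constructed.

```javascript
// Added example. Assumes the package-lock.json lockfileVersion 1 layout.
// All package names and versions below are constructed sample data.
const pkg = {
  dependencies: { "tool-a": "^2.0.0", "tool-b": "^1.0.0" },
  devDependencies: { "test-runner": "^3.0.0" },
};
const lock = {
  lockfileVersion: 1,
  dependencies: {
    "tool-a": { version: "2.0.1" },
    "tool-b": { version: "1.0.0", requires: { "mid-lib": "^0.4.0" } },
    "mid-lib": { version: "0.4.2", requires: { "flagged-lib": "^0.1.0" } },
    "flagged-lib": { version: "0.1.0" },
    "test-runner": { version: "3.0.0", dev: true, requires: { "old-diff": "1.0.0" },
      dependencies: { "old-diff": { version: "1.0.0", dev: true } } },
  },
};

// Resolve a required name the way node does: look in the nearest nested
// "dependencies" first, then walk up towards the lockfile root.
function resolve(name, stack) {
  for (let i = stack.length - 1; i >= 0; i--) {
    const deps = stack[i].dependencies;
    if (deps && deps[name]) return { node: deps[name], stack: stack.slice(0, i + 1) };
  }
  return null;
}

// Return every chain from a direct dependency in package.json to `target`.
function findChains(pkg, lock, target) {
  const chains = [];
  const walk = (name, stack, path) => {
    const hit = resolve(name, stack);
    if (!hit || path.includes(name)) return; // missing entry or dependency cycle
    const next = [...path, name];
    if (name === target) {
      chains.push({ chain: next.join(" > "), version: hit.node.version, devOnly: hit.node.dev === true });
      return;
    }
    for (const req of Object.keys(hit.node.requires || {})) walk(req, [...hit.stack, hit.node], next);
  };
  for (const name of Object.keys({ ...pkg.dependencies, ...pkg.devDependencies })) walk(name, [lock], []);
  return chains;
}

console.log(findChains(pkg, lock, "flagged-lib"));
console.log(findChains(pkg, lock, "old-diff"));
```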