Open ProtaLaz opened 8 years ago
:+1:
I would like to add something about vulnerabilities:
As the nightmare package had a vulnerability on the electron-prebuilt package since version 2.0.0 and kind of fixed it in the version 2.8.1, I think it would be nice to at least update to nightmare@2.8.1 until the maintainers definitely fix the issue.
At the moment, x-ray-phantom only has this vulnerability according to Snyk.
Just a quick heads-up for people who might want to try to use this package with x-ray:
Currently x-ray-phantom has a dependency on Nightmare 1.7.0, which in turn requires phantom 0.7.0, which is a deprecated version that only works with phantomjs 1.9.8 and earlier (the current version of phantomjs is v2+).
Essentially this means that using phantom to drive x-ray is pretty much broken unless you stick to legacy phantomjs. Further complicating the issue is the fact that the newer Nightmare (latest is 2.5.2) actually switched its headless browser to electronjs instead of phantomjs.