Open subhasishdas159 opened 2 years ago
I agree. The package is very outdated. Please accept the PRs.
Here is my installation output:
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated axios@0.19.2: Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410
npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
added 187 packages, and audited 390 packages in 1m
6 high severity vulnerabilities
This error came up while I was using it with SvelteKit.
npm audit report
axios <=0.21.1
Severity: high
Incorrect Comparison in axios - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
Server-Side Request Forgery in Axios - https://github.com/advisories/GHSA-4w2v-q235-vp99
fix available via npm audit fix --force
Will install svelte-image@0.1.9, which is a breaking change
node_modules/@cloudflare/wrangler/node_modules/axios
node_modules/axios
  svelte-image >=0.0.5
  Depends on vulnerable versions of axios
  Depends on vulnerable versions of svgo
  node_modules/svelte-image

nth-check <2.0.1
Severity: moderate
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via npm audit fix --force
Will install svelte-image@0.1.9, which is a breaking change
node_modules/nth-check
  css-select <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/css-select
    svgo 1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo
      svelte-image >=0.0.5
      Depends on vulnerable versions of axios
      Depends on vulnerable versions of svgo
      node_modules/svelte-image

5 vulnerabilities (3 moderate, 2 high)
To address all issues (including breaking changes), run: npm audit fix --force