Closed zavalyshyn closed 4 years ago
Thanks for raising this issue! I'd be happy to take a pull request for this fix. It should only take 2 small changes to remove the lodash dependency:
Replace line 29 with
this.name = options.name || ('camera' + (Math.floor(Math.random() * 1000)));
Replace line 35 with
this.sendImmediately = 'sendImmediately' in options ? options.sendImmediately : true;
After those changes, you should be able to remove the dependency on lodash and this would no longer be an issue.
I went ahead and fixed this as there was another issue in mjpeg-consumer that I wanted to bring into this library.
Wow, just when I wanted to contribute somehow :) Thanks a lot!
If you run across issues in any of my other libraries, I'm always happy to take pull requests. Additionally, if you want to improve mjpeg-camera
, it could certainly use some tests. The tests for mjpeg-consumer would be a great starting point for mjpeg-camera
tests.
The Lodash library has been found to be vulnerable to Prototype Pollution attack. npm advises an update to the latest library version.
Do you think it will require a lot of effort?
I tried running 'npm audit fix' but apparently the patch causes breaking changes in mjpeg-camera code.