ourparentcenter / moleculer-template-project-ts-swagger

Project starter template for moleculer with swagger
MIT License

Config has undefined properties #18

Open manchuwook opened 1 year ago

manchuwook commented 1 year ago

There is a bunch of stuff that uses the logic `JSON.parse(Config.LOGGERCOLORS) || true` and `LOGGERCOLORS` (amongst others) are undefined. This is just from setting the `NODE_ENV` to development after doing the cli install with default settings. I also used the fix at the bottom of the README.md for prom-client as well as moleculer-db-adapter-mongoose (out of date).

Another issue is that jsonwebtoken has a moderate vulnerability for the version

```
# npm audit report

jsonwebtoken  <=8.5.1
Severity: moderate
jsonwebtoken unrestricted key type could lead to legacy keys usage  - https://github.com/advisories/GHSA-8cf7-32gw-wr33
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - https://github.com/advisories/GHSA-hjrf-2m68-5959
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() - https://github.com/advisories/GHSA-qwph-4952-7xr6
fix available via `npm audit fix --force`
Will install jsonwebtoken@9.0.0, which is a breaking change
node_modules/jsonwebtoken
```

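
Added example (not code from the template or from this thread): the quoted `JSON.parse(Config.LOGGERCOLORS) || true` pattern throws when the value is undefined and, because of `|| true`, can never yield `false`; the sketch below contrasts it with a strict boolean parser. `Env`, `legacyFlag`, `readFlag` and the sample objects are hypothetical names, and string-valued settings that may be unset are an assumption about how the config is populated.

```typescript
// Added example. All names here are hypothetical, not the template's API.
type Env = Record<string, string | undefined>;

// The pattern quoted in the issue, reproduced to show its two failure modes.
function legacyFlag(env: Env, name: string): boolean {
  return JSON.parse(env[name] as string) || true;
}

// Strict alternative: unset means "use the default", a set value must be
// exactly true/false, and anything else fails loudly at startup.
function readFlag(env: Env, name: string, fallback: boolean): boolean {
  const raw = env[name];
  if (raw === undefined || raw.trim() === "") return fallback;
  const value = raw.trim().toLowerCase();
  if (value === "true") return true;
  if (value === "false") return false;
  throw new Error(`${name} must be "true" or "false", got ${JSON.stringify(raw)}`);
}

// Constructed sample environments (assumed shape: string values, may be unset).
const unset: Env = {};
const disabled: Env = { LOGGERCOLORS: "false" };

// Failure mode 1: JSON.parse(undefined) throws a SyntaxError before the
// `|| true` fallback is ever evaluated.
function legacyThrowsWhenUnset(): boolean {
  try {
    legacyFlag(unset, "LOGGERCOLORS");
    return false;
  } catch (err) {
    return err instanceof SyntaxError;
  }
}

// Failure mode 2: an explicit "false" parses to false, and `false || true`
// is true, so the setting can never be switched off.
function legacyIgnoresFalse(): boolean {
  return legacyFlag(disabled, "LOGGERCOLORS") === true;
}
```
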
Karnith commented 1 year ago

I've been in the process of updating this project. Thank you for reporting. I'll post when the updates are pushed.

Karnith commented 1 year ago

I've pushed to the dev branch some massive updates I've been working on.

To try the dev (beta) template: `moleculer init ourparentcenter/moleculer-template-project-ts-swagger#dev my-project`

I've done some massive refactoring and am implementing an apps directory to which additional services and routes can be created via a plugin system.

The above issues you mentioned should be taken care of. This is still a work in progress and eventually I will have full documentation of this template as it is slowly morphing into an actual platform.

Feel free to give it a try and please let me know any ideas / enhancements you would like to suggest.

A new front end is also being developed to add to this new version of the template that will have a fully working user system in it.