search

pankod / moleculerjs-boilerplate

A well-structured Moleculer JS Boilerplate with Typescript, CLI, Service Helpers, Swagger, Jest support and everything you'll ever need to deploy rock solid projects. https://pankod.github.io/moleculerjs-boilerplate/
MIT License
196 stars 36 forks source link

Error: The project undefined isn't supported #70

Closed manchuwook closed 4 years ago

manchuwook commented 4 years ago

I updated to moleculer@0.14.5, moleculer-repl@0.6.4, and moleculer-web@0.9.1 as there are lodash vulnerabilities.

    Dependency: NPM - lodash@4.17.10
      RejectReasons (4)
          Type:          VULNERABILITY
          Name:          Prototype Pollution
          Severity:      high
          Description:   Versions of `lodash` before 4.17.5 are vulnerable to prototype pollution.

The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.

          Type:          VULNERABILITY
          Name:          Prototype Pollution
          Severity:      high
          Description:   Versions of `lodash` before 4.17.12 are vulnerable to Prototype Pollution.  The function `defaultsDeep` allows a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.

          Type:               VULNERABILITY
          Name:               SNYK-JS-LODASH-450202
          CVSS Score v3:      7.3
          Severity:           high
          Description Link:   https://snyk.io/vuln/SNYK-JS-LODASH-450202

          Type:               VULNERABILITY
          Name:               SNYK-JS-LODASH-73638
          CVSS Score v3:      7.3
          Severity:           high
          Description Link:   https://snyk.io/vuln/SNYK-JS-LODASH-73638

... and I am now getting the error message: 

$ npm run cli

> moleculerjs-boilerplate@1.0.0 cli I:\dev\iahub-universe
> pankod-cli add

                  _       __ _                _
  _   _ _ __   __| | ___ / _(_)_ __   ___  __| |
 | | | | '_ \ / _` |/ _ \ |_| | '_ \ / _ \/ _` |
 | |_| | | | | (_| |  __/  _| | | | |  __/ (_| |
  \__,_|_| |_|\__,_|\___|_| |_|_| |_|\___|\__,_|

 »   Error: The project undefined isn't supported.
npm ERR! code ELIFECYCLE
npm ERR! errno 2
npm ERR! moleculerjs-boilerplate@1.0.0 cli: `pankod-cli add`
npm ERR! Exit status 2
npm ERR!
npm ERR! Failed at the moleculerjs-boilerplate@1.0.0 cli script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     C:\Users\manch1uwook\AppData\Roaming\npm-cache\_logs\2020-06-19T13_37_38_826Z-debug.log
issue-label-bot[bot] commented 4 years ago

Issue Label Bot is not confident enough to auto-label this issue. See dashboard for more details.

manchuwook commented 4 years ago

This is resolved by installing version 1.0.1 of the cli.