Closed idimo closed 2 years ago
all shoud be as expected. you just have som setting to show warnings.
what happens when you use the project ?
i do not offen do a clean install. but you are right it shows some vulnerabilities, from what i did not know. i will see if there is any think i can do about that in the furture.
A fast local fix, is to run npm audit fix
and then remove the folder node_modules
and file package-lock.json
and then run npm install
and then npm audit fix
Then there shoud only be one high think left. But by doing this, i cant ensure all work as it shoud. Will look into it. The one that i have that is still not fixed is:
csv-parse <4.4.6
Severity: high
Regular Expression Denial of Service in csv-parse - https://github.com/advisories/GHSA-582f-p4pg-xc74
fix available via `npm audit fix`
node_modules/steam/node_modules/csv-parse
1 high severity vulnerability
did as you said
A fast local fix, is to run
npm audit fix
and then remove the foldernode_modules
and filepackage-lock.json
and then runnpm install
and thennpm audit fix
the launch outputs this:
maybe there is a way to run this script in docker?
Don't audit fix, just delete everything then re-download the project again
run in npm install
and ignore all those vulnerabilities... and you are good to go.
i did have a small look, into the warnings. as the module Steam
is archived. and will not have any other updates. i cant fix all the warning. if you use npm audit fix
it will just not work. it will remove the warning. but then the npm steam module, will not work.
What am I doing wrong?
node js 16.13.2 is installed in the system