search

strongloop / strong-pm

deployer for node applications
http://strong-pm.io
Other
1k stars 71 forks source link

warnings during installation - deprecated dependencies #378

Open ghost opened 7 years ago

ghost commented 7 years ago

npm install -g strongloop

npm WARN deprecated node-uuid@1.4.7: use uuid module instead npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

chazzmoney commented 6 years ago

npm install -g strongloop

npm WARN deprecated nodemailer@2.7.2: All versions below 4.0.1 of Nodemailer are deprecated. See https://nodemailer.com/status/ npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5 npm WARN deprecated ejs@1.0.0: Critical security bugs fixed in 2.5.5 npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue npm WARN deprecated graceful-fs@3.0.11: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js npm WARN deprecated node-uuid@1.4.8: Use uuid module instead npm WARN deprecated connect@2.30.2: connect 2.x series is deprecated npm WARN deprecated coffee-script@1.6.3: CoffeeScript on NPM has moved to "coffeescript" (no hyphen) npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

chazzmoney commented 6 years ago

"Critical security bugs" and "RegExp DoS" sound scary for a PM that is intended for use in production environments. Are these issues as concerning as they sound?

sam-github commented 6 years ago

Don't install the deprecated strongloop package, do npm i -g strong-pm instead

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

davidfstr commented 2 years ago

Don't install the deprecated strongloop package, do npm i -g strong-pm instead

If the "strongloop" package is incorrect then the home page for StrongLoop Process Manager needs to be updated:

Screen Shot 2022-06-13 at 3 44 43 PM
davidfstr commented 2 years ago

In fact according to this documentation, it might be the case that you need to install the pm2 package instead.

npm install pm2

Regardless, the home page still seems to be recommending an incorrect npm package to install.