sveltejs / sapper

The next small thing in web development, powered by Svelte
https://sapper.svelte.dev
MIT License

npm security warning #1744

Closed weshuiz closed 3 years ago

weshuiz commented 3 years ago

1 critical severity vulnerability

To address all issues, run:
npm audit fix

Severity: critical
Path Traversal - https://npmjs.com/advisories/1494
fix available via npm audit fix

weshuiz commented 3 years ago

It would be nice if you would give more context on why this issue was closed?

benmccann commented 3 years ago

The link you shared said it only affects versions of Sapper prior to 0.27.11 so I'm not really sure what this issue is about?

It would be nice if you could give more context on why this issue was opened :smile: Haha, sorry - couldn't resist :wink:

weshuiz commented 3 years ago

The link came with the log; I don't know what it's about either. Anyway, even in the latest version I'm getting this warning, despite it being the latest version, while a previous version does not warn me about this. Might be some bug, I thought. My main problem: can this warning safely be ignored?

```json
"devDependencies": {
  "@babel/core": "^7.0.0",
  "@babel/plugin-syntax-dynamic-import": "^7.0.0",
  "@babel/plugin-transform-runtime": "^7.0.0",
  "@babel/preset-env": "^7.0.0",
  "@babel/runtime": "^7.0.0",
  "@rollup/plugin-babel": "^5.0.0",
  "@rollup/plugin-commonjs": "^14.0.0",
  "@rollup/plugin-node-resolve": "^8.0.0",
  "@rollup/plugin-replace": "^2.4.0",
  "@rollup/plugin-url": "^5.0.0",
  "rollup": "^2.3.4",
  "rollup-plugin-svelte": "^7.0.0",
  "rollup-plugin-terser": "^7.0.0",
  "sapper": "^0.28.0",
  "svelte": "^3.17.3"
}
```

Conduitry commented 3 years ago

This came up before too - #1728 - if npm/snyk/whoever is giving an erroneous security warning, that's not something we have any control over, and should be taken up with them.

benmccann commented 3 years ago

What's the issue that you're concerned about? How can it be reproduced? The only details you have given are a link that you said is not accurate. In what way is it not accurate?

weshuiz commented 3 years ago

My apologies for the lack of context. This is just a clean new install of sapper; this error came up after I did the first npm install. Nothing had been done at that point in time yet.

After installing express I noticed the problem, did some tests, and even after a brand new install the error is still there. I didn't notice it the first time I installed it.

weshuiz commented 3 years ago

I was so kind as to make a recording of it and upload it to YouTube: https://youtu.be/QYzRrLZbKNA

benmccann commented 3 years ago

According to the link Conduitry posted above, the correct place to file this issue would be https://github.com/npm/cli/issues

weshuiz commented 3 years ago

> According to the link Conduitry posted above, the correct place to file this issue would be https://github.com/npm/cli/issues

So I can assume this warning is false and I can safely ignore it? Also, I'm not that certain it's an npm issue, since this only happens for sapper; I would get directed back here if I created an issue there.