Open MaKleSoft opened 2 years ago
Thanks @MaKleSoft - just remember that @tauri-apps/tauricon is a devDep, but your point is well taken.
@nothingismagick Yeah, I'm aware, but it's something that was pointed out to us during our audit. And it generally just doesn't look good to have a lot of npm audit warnings, regardless of whether they actually have any impact.
I totally agree! Please see this PR https://github.com/tauri-apps/tauricon/pull/63
Yeah this issue is really not solvable without the rust rewrite, basically every node package we need to make this work is unmaintained...
exactly
We're currently seeing 24 vulnerabilities (12 with severity "high") in our Tauri package, all of which are coming from
@tauri-apps/tauricon
. I know dealing withnpm audit
warnings is annoying, but for a tool focused on security, I think it's important to make sure your deps are clean. I hope we can expect a fix soon? Thanks!