tauri-apps / tauricon

Make icons for your tauri app with nodejs
Apache License 2.0

Fix vulnerable dependencies #71

Open MaKleSoft opened 2 years ago

MaKleSoft commented 2 years ago

We're currently seeing 24 vulnerabilities (12 with severity "high") in our Tauri package, all of which are coming from @tauri-apps/tauricon. I know dealing with npm audit warnings is annoying, but for a tool focused on security, I think it's important to make sure your deps are clean. I hope we can expect a fix soon? Thanks!

nothingismagick commented 2 years ago

Thanks @MaKleSoft - just remember that @tauri-apps/tauricon is a devDep, but your point is well taken.

MaKleSoft commented 2 years ago

@nothingismagick Yeah, I'm aware, but it's something that was pointed out to us during our audit. And it generally just doesn't look good to have a lot of npm audit warnings, regardless of whether they actually have any impact.

nothingismagick commented 2 years ago

I totally agree! Please see this PR https://github.com/tauri-apps/tauricon/pull/63

FabianLars commented 2 years ago

Yeah, this issue is really not solvable without the Rust rewrite; basically every Node package we need to make this work is unmaintained...

nothingismagick commented 2 years ago

exactly