tngoman / Store-POS

Point of Sale Desktop App built with Electron

Running "npm install" generates: 6 vulnerabilities (3 high, 3 critical) #78

Open ossama-nvis opened 1 year ago

ossama-nvis commented 1 year ago

This is the output of "npm audit report":

```
# npm audit report

dicer  *
Severity: high
Crash in HeaderParser in dicer - https://github.com/advisories/GHSA-wm7h-9275-46v2
No fix available
node_modules/dicer
  busboy  <=0.3.1
  Depends on vulnerable versions of dicer
  node_modules/multer/node_modules/busboy
    multer  <=2.0.0-rc.3
    Depends on vulnerable versions of busboy
    node_modules/multer

nedb  *
Severity: critical
Prototype Pollution - https://github.com/advisories/GHSA-339j-hqgx-qrrx
Depends on vulnerable versions of binary-search-tree
Depends on vulnerable versions of underscore
No fix available
node_modules/nedb

underscore  1.3.2 - 1.12.0
Severity: critical
Arbitrary Code Execution in underscore - https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
No fix available
node_modules/underscore
  binary-search-tree  *
  Depends on vulnerable versions of underscore
  node_modules/binary-search-tree

6 vulnerabilities (3 high, 3 critical)

Some issues need review, and may require choosing
a different dependency.
```

Please help. Thank you.

ossama-nvis commented 1 year ago

```
$ node -v
v18.15.0
$ npm -v
9.6.2
```

sangulukani1999 commented 1 year ago

Does anyone have a solution for the above problem? I am also facing the same problem.

M-Uzair25 commented 10 months ago

Step 1: `npm uninstall nedb`
Step 2: `npm i @seald-io/nedb`
Step 3: Go to the api folder and replace `const Datastore = require( "nedb" );` with `const Datastore = require( "@seald-io/nedb" );` in all files (meaning change all imports)
Step 4: `npm uninstall sweetalert2`
Step 5: `npm i sweetalert2`
Step 6: `npm i multer@latest`

This removed the errors from my project and the project started. But it does not add any data.
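
In the report quoted at the top of this thread, each indented entry is a package that depends on the vulnerable one above it, so the outermost package of each chain is where an upgrade or swap takes effect. The JavaScript below is an added example, not part of the thread or of Store-POS; the function names are hypothetical and the sample is a constructed, abridged copy of the quoted output. It parses that text form, reproduces the 3 high / 3 critical tally, and reports `multer` and `nedb` as the chain tops, the two packages the steps above swap or upgrade.

```javascript
// Constructed, abridged copy of the audit output quoted in this issue (added example).
const REPORT = `
dicer  *
Severity: high
  busboy  <=0.3.1
  Depends on vulnerable versions of dicer
    multer  <=2.0.0-rc.3
    Depends on vulnerable versions of busboy

nedb  *
Severity: critical
Depends on vulnerable versions of binary-search-tree
Depends on vulnerable versions of underscore

underscore  1.3.2 - 1.12.0
Severity: critical
  binary-search-tree  *
  Depends on vulnerable versions of underscore
`;

function parseAudit(text) {
  const pkgs = new Map(); // package name -> { severity, dependsOn: [] }
  let current = null, blockSeverity = null;
  for (const line of text.split("\n")) {
    // Package lines look like "<indent><name><two or more spaces><range>".
    const header = line.match(/^(\s*)(@?[\w./-]+)\s{2,}\S/);
    const sev = line.match(/^Severity: (\w+)/);
    const dep = line.match(/Depends on vulnerable versions of (\S+)/);
    if (header) {
      if (header[1] === "") blockSeverity = null; // unindented: new advisory block
      current = { severity: blockSeverity, dependsOn: [] }; // nested entries inherit
      pkgs.set(header[2], current);
    } else if (sev && current) {
      blockSeverity = current.severity = sev[1];
    } else if (dep && current) current.dependsOn.push(dep[1]);
  }
  return pkgs;
}
// Packages that no other package in the report depends on: the top of each chain.
function chainTops(pkgs) {
  const needed = new Set([...pkgs.values()].flatMap((p) => p.dependsOn));
  return [...pkgs.keys()].filter((name) => !needed.has(name)).sort();
}
function countBySeverity(pkgs) {
  const counts = {};
  for (const p of pkgs.values()) counts[p.severity] = (counts[p.severity] || 0) + 1;
  return counts;
}
console.log(chainTops(parseAudit(REPORT)), countBySeverity(parseAudit(REPORT)));
```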