woocommerce / woocommerce-rest-api-js-lib

New JavaScript library for WooCommerce REST API
https://www.npmjs.com/package/@woocommerce/woocommerce-rest-api
MIT License
273 stars 76 forks

Critical security vulnerability & unsupported in Node v16 #112

Open ETMitch21 opened 2 years ago

ETMitch21 commented 2 years ago

Just installed using the following command from this repository and received concerning feedback.

Install command

npm install @woocommerce/woocommerce-rest-api

Result

npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: undefined,
npm WARN EBADENGINE   required: { node: '14' },
npm WARN EBADENGINE   current: { node: 'v16.13.1', npm: '8.1.2' }
npm WARN EBADENGINE }
npm WARN deprecated axios@0.19.2: Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410

added 15 packages, and audited 251 packages in 2s

11 packages are looking for funding
  run `npm fund` for details

2 high severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

Not sure this library should be used in production as it stands today.

ghost commented 2 years ago

I have the same, have you found a solution or an alternative?

seanonthenet commented 2 years ago

Axios seems to have been updated in this package but the version number has not been bumped and it has not been published to npm. @claudiosanches 🥺

seanonthenet commented 2 years ago

Currently working around by installing from GitHub with: yarn add @woocommerce/woocommerce-rest-api@https://github.com/woocommerce/woocommerce-rest-api-js-lib
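
A check a reader of this thread could run after either install route, as an added example that is not part of the thread or the project's code: it walks a parsed package-lock.json and lists every resolved axios copy older than 0.21.1, the fixed version named in the deprecation warning above. The function names and the sample lockfile are constructed for illustration.

```javascript
// Fixed version named in the deprecation warning quoted in the issue.
const FIXED = '0.21.1';

// Numeric x.y.z comparison; pre-release suffixes are dropped (assumption).
function olderThan(version, fixed) {
  // Non-registry specs (for example a git URL) cannot be compared: not flagged.
  if (!/^\d+\.\d+\.\d+/.test(version)) return false;
  const a = version.split('-')[0].split('.').map(Number);
  const b = fixed.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// lockfileVersion 2/3 keeps a flat "packages" map keyed by install path;
// lockfileVersion 1 keeps nested "dependencies". Both shapes are handled.
function findOutdated(lock, name = 'axios', fixed = FIXED) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const match = path.endsWith('node_modules/' + name);
      if (match && meta.version && olderThan(meta.version, fixed)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = trail + 'node_modules/' + dep;
      if (dep === name && meta.version && olderThan(meta.version, fixed)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, path + '/');
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (not taken from the issue).
const sampleLock = { lockfileVersion: 2, packages: {
  '': { name: 'shop-client' },
  'node_modules/@woocommerce/woocommerce-rest-api': {},
  'node_modules/axios': { version: '0.19.2' },
  'node_modules/other/node_modules/axios': { version: '0.21.1' } } };
console.log(findOutdated(sampleLock)); // lists only the 0.19.2 copy
```

For a real project, pass in the result of `JSON.parse` on the contents of package-lock.json; yarn.lock uses a different format and is not handled here.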