MagicMirror Forum
    • Recent
    • Tags
    • Unsolved
    • Solved
    • MagicMirror² Repository
    • Documentation
    • 3rd-Party-Modules
    • Donate
    • Discord
    • Register
    • Login
    A New Chapter for MagicMirror: The Community Takes the Lead
    Read the statement by Michael Teeuw here.

    WARN notice [SECURITY] lodash has the following vulnerability....

    Scheduled Pinned Locked Moved Unsolved Troubleshooting
    5 Posts 3 Posters 1.7k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      MWel1977
      last edited by

      Hi everybody,

      just did a fresh and new install of the latest Rasbian installation on my Pi 3B+ and installed MM2 again.
      However during installation I got a lot of notifications about vulnerability’s and that I had to run: npm i npm@latest -g.
      But is that normal?? I just did a fresh installation on an new sd card and already I have an outdated someting???

      lavolp3L 1 Reply Last reply Reply Quote 0
      • lavolp3L Offline
        lavolp3 Module Developer @MWel1977
        last edited by

        @mwel1977 Experienced the same. npm is doing audits now. Don’t know since when. However they are not errors, only vulnerabilities.
        Do a

        npm audit

        and find out more about them.

        How to troubleshoot modules
        MMM-soccer v2, MMM-AVStock

        1 Reply Last reply Reply Quote 0
        • Mykle1M Offline
          Mykle1 Project Sponsor Module Developer
          last edited by

          Perhaps worth mentioning

          Recently, I wiped a laptop and installed the newest ubuntu (18.04?), the latest stable node and then MM. The MM installation reported way too many vulnerabilities. I didn’t like that at all. I wiped the laptop again but this time I installed ubuntu 16.04 LTS, the latest stable node and MM. Not one vulnerability reported. Odd.

          Create a working config
          How to add modules

          lavolp3L 1 Reply Last reply Reply Quote 0
          • lavolp3L Offline
            lavolp3 Module Developer @Mykle1
            last edited by

            @mykle1 So what were the respective versions of node? Maybe the older ubuntu version uses an older node version?
            I had the feeling that it was purely note-related but I may be wrong.

            How to troubleshoot modules
            MMM-soccer v2, MMM-AVStock

            1 Reply Last reply Reply Quote 0
            • Mykle1M Offline
              Mykle1 Project Sponsor Module Developer
              last edited by

              In both cases, I installed node 10.13.0 LTS. ubuntu 16.04 LTS had no complaints and issued no warnings. It’s the
              newer/latest LTS version of ubuntu where node issued all those warnings. Go figure.

              Create a working config
              How to add modules

              1 Reply Last reply Reply Quote 0

              Hello! It looks like you're interested in this conversation, but you don't have an account yet.

              Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

              With your input, this post could be even better 💗

              Register Login
              • 1 / 1
              • First post
                Last post
              Enjoying MagicMirror? Please consider a donation!
              MagicMirror created by Michael Teeuw.
              Forum managed by Sam, technical setup by Karsten.
              This forum is using NodeBB as its core | Contributors
              Contact | Privacy Policy