• Recent
  • Tags
  • Unsolved
  • Solved
  • MagicMirror² Repository
  • Documentation
  • 3rd-Party-Modules
  • Donate
  • Discord
  • Register
  • Login
MagicMirror Forum
  • Recent
  • Tags
  • Unsolved
  • Solved
  • MagicMirror² Repository
  • Documentation
  • 3rd-Party-Modules
  • Donate
  • Discord
  • Register
  • Login
A New Chapter for MagicMirror: The Community Takes the Lead
Read the statement by Michael Teeuw here.

New Install From Raspbian Stretch

Scheduled Pinned Locked Moved Unsolved Troubleshooting
raspberry pi 3raspbian stretch
14 Posts 4 Posters 5.0k Views 4 Watching
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S Offline
    sdetweil
    last edited by Jan 21, 2019, 1:10 AM

    Node is downlevel.

    See
    node -v

    Sam

    How to add modules

    learning how to use browser developers window for css changes

    1 Reply Last reply Reply Quote 0
    • S Offline
      sebien0077
      last edited by Jan 21, 2019, 1:11 AM

      OK, i have forced upgrade node with this command:

      curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
      

      I install Node:

      sudo apt install -y nodejs
      

      now node version :

      pi@raspberrypi:~/MagicMirror $ node -v
      v10.15.0
      

      I have remove MagicMirror folder, and reinstall from the beginning:

      pi@raspberrypi:~ $ rm -rf MagicMirror/
      pi@raspberrypi:~ $ bash -c "$(curl -sL https://raw.githubusercontent.com/MichMich/MagicMirror/master/installers/raspberry.sh)"
      

      All seem OK, but they are vulnerabillity…

      Cloning MagicMirror Done!
      Installing dependencies ...
      npm WARN deprecated time-grunt@2.0.0: Deprecated because Grunt is practically unmaintained. Move on to something better. This package will continue to work with Grunt v1, but it will not receive any updates.
      npm WARN deprecated nomnom@1.8.1: Package no longer supported. Contact support@npmjs.com for more info.
      
      > electron-chromedriver@1.8.0 install /home/pi/MagicMirror/node_modules/electron-chromedriver
      > node ./download-chromedriver.js
      
      successfully dowloaded and extracted!
      
      > electron@2.0.16 postinstall /home/pi/MagicMirror/node_modules/electron
      > node install.js
      
      Downloading SHASUMS256.txt
      [============================================>] 100.0% of 5.39 kB (5.39 kB/s)
      
      > magicmirror@2.6.0 install /home/pi/MagicMirror
      > cd vendor && npm install
      
      npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.4 (node_modules/fsevents):
      npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"arm"})
      
      added 82 packages from 57 contributors and audited 220 packages in 15.326s
      found 3 low severity vulnerabilities
        run `npm audit fix` to fix them, or `npm audit` for details
      
      > magicmirror@2.6.0 postinstall /home/pi/MagicMirror
      > sh installers/postinstall/postinstall.sh && npm run install-fonts
      
      MagicMirror installation successful!
      
      > magicmirror@2.6.0 install-fonts /home/pi/MagicMirror
      > cd fonts && npm install
      
      added 1 package from 1 contributor and audited 1 package in 3.955s
      found 0 vulnerabilities
      
      npm WARN grunt-stylelint@0.10.1 requires a peer of stylelint@^9.0.0 but none is installed. You must install peer dependencies yourself.
      npm WARN acorn-jsx@5.0.1 requires a peer of acorn@^6.0.0 but none is installed. You must install peer dependencies yourself.
      
      added 921 packages from 1366 contributors and audited 2466 packages in 170.898s
      found 8 vulnerabilities (7 low, 1 high)
        run `npm audit fix` to fix them, or `npm audit` for details
      Dependencies installation Done!
      Check plymouth installation ...
      Splashscreen: Checking themes directory.
      Splashscreen: Create theme directory if not exists.
      Splashscreen: Theme copied successfully.
      Splashscreen: Changed theme to MagicMirror successfully.
      
      
      S 1 Reply Last reply Jan 21, 2019, 1:46 AM Reply Quote 1
      • S Offline
        sdetweil @sebien0077
        last edited by Jan 21, 2019, 1:46 AM

        @sebien0077

        run

        npm audit fix
        

        Sam

        How to add modules

        learning how to use browser developers window for css changes

        S 1 Reply Last reply Jan 21, 2019, 2:24 AM Reply Quote 0
        • S Offline
          sebien0077 @sdetweil
          last edited by Jan 21, 2019, 2:24 AM

          @sdetweil
          yes i have made , only one resist :

          pi@raspberrypi:~/MagicMirror $ npm audit
          
                                 === npm audit security report ===
          
          ┌──────────────────────────────────────────────────────────────────────────────┐
          │                                Manual Review                                 │
          │            Some vulnerabilities require your attention to resolve            │
          │                                                                              │
          │         Visit https://go.npm.me/audit-guide for additional guidance          │
          └──────────────────────────────────────────────────────────────────────────────┘
          ┌───────────────┬──────────────────────────────────────────────────────────────┐
          │ Low           │ Prototype Pollution                                          │
          ├───────────────┼──────────────────────────────────────────────────────────────┤
          │ Package       │ lodash                                                       │
          ├───────────────┼──────────────────────────────────────────────────────────────┤
          │ Patched in    │ >=4.17.5                                                     │
          ├───────────────┼──────────────────────────────────────────────────────────────┤
          │ Dependency of │ express-ipfilter                                             │
          ├───────────────┼──────────────────────────────────────────────────────────────┤
          │ Path          │ express-ipfilter > lodash                                    │
          ├───────────────┼──────────────────────────────────────────────────────────────┤
          │ More info     │ https://nodesecurity.io/advisories/577                       │
          
          S L 2 Replies Last reply Jan 21, 2019, 2:45 AM Reply Quote 0
          • S Offline
            sdetweil @sebien0077
            last edited by Jan 21, 2019, 2:45 AM

            @sebien0077

            npm i lodash@latest
            

            Sam

            How to add modules

            learning how to use browser developers window for css changes

            1 Reply Last reply Reply Quote 0
            • D Offline
              dazza120
              last edited by dazza120 Jan 21, 2019, 8:52 AM Jan 21, 2019, 8:50 AM

              Hi guys instead of me starting a new thread for the same thing can I jump in as it seems the last thing may have fixed OP’s issue, I have two vulnerabilities that are not fixing ate all 😢 can you help please I’ve tried the npm I lodash@latest but that doesn’t work

                                     Manual Review                                 │
              │            Some vulnerabilities require your attention to resolve            │
              │                                                                              │
              │         Visit https://go.npm.me/audit-guide for additional guidance          │
              └──────────────────────────────────────────────────────────────────────────────┘
              ┌───────────────┬──────────────────────────────────────────────────────────────┐
              │ Moderate      │ Regular Expression Denial of Service                         │
              ├───────────────┼──────────────────────────────────────────────────────────────┤
              │ Package       │ underscore.string                                            │
              ├───────────────┼──────────────────────────────────────────────────────────────┤
              │ Patched in    │ >=3.3.5                                                      │
              ├───────────────┼──────────────────────────────────────────────────────────────┤
              │ Dependency of │ fix                                                          │
              ├───────────────┼──────────────────────────────────────────────────────────────┤
              │ Path          │ fix > underscore.string                                      │
              ├───────────────┼──────────────────────────────────────────────────────────────┤
              │ More info     │ https://npmjs.com/advisories/745                             │
              └───────────────┴──────────────────────────────────────────────────────────────┘
              ┌───────────────┬──────────────────────────────────────────────────────────────┐
              │ Low           │ Prototype Pollution                                          │
              ├───────────────┼──────────────────────────────────────────────────────────────┤
              │ Package       │ lodash                                                       │
              ├───────────────┼──────────────────────────────────────────────────────────────┤
              │ Patched in    │ >=4.17.5                                                     │
              ├───────────────┼──────────────────────────────────────────────────────────────┤
              │ Dependency of │ express-ipfilter                                             │
              ├───────────────┼──────────────────────────────────────────────────────────────┤
              │ Path          │ express-ipfilter > lodash                                    │
              ├───────────────┼──────────────────────────────────────────────────────────────┤
              │ More info     │ https://npmjs.com/advisories/577          
              
              1 Reply Last reply Reply Quote 0
              • L Offline
                lavolp3 Module Developer
                last edited by lavolp3 Jan 21, 2019, 11:03 AM Jan 21, 2019, 10:59 AM

                Guys be careful with the npm vulnerabilities!
                It’s not advisable to always fix all of them.
                E.g. if a vulnerability wants to have a most recent version of an important dependency, fixing it might even break your working MM because MM can’t work with this new dependency.

                If you’re not completely sure what you’re doing then leave them.
                They are not errors after all, your modules should work with these vulnerabilities as well.

                How to troubleshoot modules
                MMM-soccer v2, MMM-AVStock

                D 1 Reply Last reply Jan 21, 2019, 11:01 AM Reply Quote 2
                • D Offline
                  dazza120 @lavolp3
                  last edited by Jan 21, 2019, 11:01 AM

                  @lavolp3 understood thanks ill leave well alone now then thanks

                  1 Reply Last reply Reply Quote 0
                  • L Offline
                    lavolp3 Module Developer @sebien0077
                    last edited by Jan 21, 2019, 11:02 AM

                    @sebien0077 better leave lodash alone is my suggestion. YOur mirror should work with this vulnerability as well.

                    HOwever, you can of course try it out IF YOU DARE!!!
                    Go on the presented link and do as suggested.

                    npm install lodash@4.17.5
                    

                    (that’s what I would try)

                    How to troubleshoot modules
                    MMM-soccer v2, MMM-AVStock

                    S 1 Reply Last reply Jan 21, 2019, 7:46 PM Reply Quote 0
                    • S Offline
                      sebien0077 @lavolp3
                      last edited by Jan 21, 2019, 7:46 PM

                      @lavolp3 said in New Install From Raspbian Stretch:

                      npm install lodash@4.17.5

                      Thx for your help. I just don’t like vulnerability :)
                      i have try 4.17.5 and 4.17.11 … nothing work :(

                      pi@raspberrypi:~/MagicMirror $ npm install lodash@4.17.5
                      npm WARN acorn-jsx@5.0.1 requires a peer of acorn@^6.0.0 but none is installed. You must install peer dependencies yourself.
                      
                      + lodash@4.17.5
                      updated 1 package and audited 4407 packages in 42.128s
                      found 1 low severity vulnerability
                        run `npm audit fix` to fix them, or `npm audit` for details
                      pi@raspberrypi:~/MagicMirror $ npm audit fix
                      npm WARN acorn-jsx@5.0.1 requires a peer of acorn@^6.0.0 but none is installed. You must install peer dependencies yourself.
                      
                      up to date in 31.654s
                      fixed 0 of 1 vulnerability in 4407 scanned packages
                        1 vulnerability required manual review and could not be updated
                      pi@raspberrypi:~/MagicMirror $ npm audit
                      
                                             === npm audit security report ===
                      
                      ┌──────────────────────────────────────────────────────────────────────────────┐
                      │                                Manual Review                                 │
                      │            Some vulnerabilities require your attention to resolve            │
                      │                                                                              │
                      │         Visit https://go.npm.me/audit-guide for additional guidance          │
                      └──────────────────────────────────────────────────────────────────────────────┘
                      ┌───────────────┬──────────────────────────────────────────────────────────────┐
                      │ Low           │ Prototype Pollution                                          │
                      ├───────────────┼──────────────────────────────────────────────────────────────┤
                      │ Package       │ lodash                                                       │
                      ├───────────────┼──────────────────────────────────────────────────────────────┤
                      │ Patched in    │ >=4.17.5                                                     │
                      ├───────────────┼──────────────────────────────────────────────────────────────┤
                      │ Dependency of │ express-ipfilter                                             │
                      ├───────────────┼──────────────────────────────────────────────────────────────┤
                      │ Path          │ express-ipfilter > lodash                                    │
                      ├───────────────┼──────────────────────────────────────────────────────────────┤
                      │ More info     │ https://nodesecurity.io/advisories/577                       │
                      └───────────────┴──────────────────────────────────────────────────────────────┘
                      found 1 low severity vulnerability in 4407 scanned packages
                        1 vulnerability requires manual review. See the full report for details.
                      pi@raspberrypi:~/MagicMirror $ npm install lodash@4.17.11
                      npm WARN acorn-jsx@5.0.1 requires a peer of acorn@^6.0.0 but none is installed. You must install peer dependencies yourself.
                      
                      + lodash@4.17.11
                      updated 1 package and audited 4407 packages in 39.671s
                      found 1 low severity vulnerability
                        run `npm audit fix` to fix them, or `npm audit` for details
                      pi@raspberrypi:~/MagicMirror $ npm audit fix
                      npm WARN acorn-jsx@5.0.1 requires a peer of acorn@^6.0.0 but none is installed. You must install peer dependencies yourself.
                      
                      up to date in 32.389s
                      fixed 0 of 1 vulnerability in 4407 scanned packages
                        1 vulnerability required manual review and could not be updated
                      pi@raspberrypi:~/MagicMirror $ npm audit
                      
                                             === npm audit security report ===
                      
                      ┌──────────────────────────────────────────────────────────────────────────────┐
                      │                                Manual Review                                 │
                      │            Some vulnerabilities require your attention to resolve            │
                      │                                                                              │
                      │         Visit https://go.npm.me/audit-guide for additional guidance          │
                      └──────────────────────────────────────────────────────────────────────────────┘
                      ┌───────────────┬──────────────────────────────────────────────────────────────┐
                      │ Low           │ Prototype Pollution                                          │
                      ├───────────────┼──────────────────────────────────────────────────────────────┤
                      │ Package       │ lodash                                                       │
                      ├───────────────┼──────────────────────────────────────────────────────────────┤
                      │ Patched in    │ >=4.17.5                                                     │
                      ├───────────────┼──────────────────────────────────────────────────────────────┤
                      │ Dependency of │ express-ipfilter                                             │
                      ├───────────────┼──────────────────────────────────────────────────────────────┤
                      │ Path          │ express-ipfilter > lodash                                    │
                      ├───────────────┼──────────────────────────────────────────────────────────────┤
                      │ More info     │ https://nodesecurity.io/advisories/577                       │
                      └───────────────┴──────────────────────────────────────────────────────────────┘
                      found 1 low severity vulnerability in 4407 scanned packages
                        1 vulnerability requires manual review. See the full report for details.
                      
                      L 1 Reply Last reply Jan 21, 2019, 9:47 PM Reply Quote 0
                      • 1
                      • 2
                      • 1 / 2
                      1 / 2
                      • First post
                        6/14
                        Last post
                      Enjoying MagicMirror? Please consider a donation!
                      MagicMirror created by Michael Teeuw.
                      Forum managed by Sam, technical setup by Karsten.
                      This forum is using NodeBB as its core | Contributors
                      Contact | Privacy Policy