1. Home
  2. Troubleshooting
  3. npm install vulnerabilities
MagicMirror² v2.12.0 is available! For more information about this release, check out this topic.

npm install vulnerabilities

  • O

    I don’t know why, but I always got vulnerabilities error on every npm install.

    I have tried the following steps.

    “npm rebuild”
    “npm uninstall --save-dev mocha-logger”
    “npm install --save-dev mocha-logger@latest”
    “npm install minimist@latest”
    “npm update”

    I also have deleted the entire magic mirror, and try to install it again twice, but still get the same error.
    And I also have reinstall raspbian buster for three times, and I still get the same error.

    ┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.2.1 =1.2.3                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ mocha-logger [dev]                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ mocha-logger > mocha > mkdirp > minimist                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1179                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.2.1 =1.2.3                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ spectron [dev]                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ spectron > webdriverio > optimist > minimist                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1179                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

    what’s worse that when I try to install other module. npm install will give me more vulnerabilities error.

    I’m a absolute beginner, and I don’t really know what I do wrong, please help me. This mirror thingy is slowly driving me insane.

    0 S lavolp3 2 Replies
  • S

    @OneAsianTortoise those are just warnings. Most times u can’t do anything about them

    Some fixes will break MagicMirror

    1 O 1 Reply
  • O

    @sdetweil Noted! Thanks.

    0
  • lavolp3
    Module Developer

    @OneAsianTortoise I wouldn’t do much about it as well. As @sdetweil said, they are only warnings. Your mirror will run with these warnings.
    What I think is unproblematic is running:

    npm audit fix

    These are automatic fixes on the vulnerabilities that are obvious for the system.
    I haven’t heard of anyone breaking their software doing this.

    1 O 1 Reply
  • O

    @lavolp3 npm audit fix won’t fix them, but i’m glad to hear that i don’t really have to do anything with them now :D.

    0
Log in to reply
 
Enjoying MagicMirror? Please consider a donation!