• Recent
  • Tags
  • Unsolved
  • Solved
  • MagicMirror² Repository
  • Documentation
  • 3rd-Party-Modules
  • Donate
  • Discord
  • Register
  • Login
MagicMirror Forum
  • Recent
  • Tags
  • Unsolved
  • Solved
  • MagicMirror² Repository
  • Documentation
  • 3rd-Party-Modules
  • Donate
  • Discord
  • Register
  • Login
A New Chapter for MagicMirror: The Community Takes the Lead
Read the statement by Michael Teeuw here.

npm install vulnerabilities

Scheduled Pinned Locked Moved Troubleshooting
5 Posts 3 Posters 657 Views 3 Watching
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • O Offline
    OneAsianTortoise
    last edited by OneAsianTortoise May 5, 2020, 1:53 PM May 5, 2020, 1:52 PM

    I don’t know why, but I always got vulnerabilities error on every npm install.

    I have tried the following steps.

    “npm rebuild”
    “npm uninstall --save-dev mocha-logger”
    “npm install --save-dev mocha-logger@latest”
    “npm install minimist@latest”
    “npm update”

    I also have deleted the entire magic mirror, and try to install it again twice, but still get the same error.
    And I also have reinstall raspbian buster for three times, and I still get the same error.

    ┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.2.1 <1.0.0 || >=1.2.3                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ mocha-logger [dev]                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ mocha-logger > mocha > mkdirp > minimist                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1179                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.2.1 <1.0.0 || >=1.2.3                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ spectron [dev]                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ spectron > webdriverio > optimist > minimist                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1179                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

    what’s worse that when I try to install other module. npm install will give me more vulnerabilities error.

    I’m a absolute beginner, and I don’t really know what I do wrong, please help me. This mirror thingy is slowly driving me insane.

    S L 2 Replies Last reply May 5, 2020, 2:02 PM Reply Quote 0
    • S Offline
      sdetweil @OneAsianTortoise
      last edited by sdetweil May 5, 2020, 2:02 PM May 5, 2020, 2:02 PM

      @OneAsianTortoise those are just warnings. Most times u can’t do anything about them

      Some fixes will break MagicMirror

      Sam

      How to add modules

      learning how to use browser developers window for css changes

      O 1 Reply Last reply May 5, 2020, 2:09 PM Reply Quote 1
      • O Offline
        OneAsianTortoise @sdetweil
        last edited by May 5, 2020, 2:09 PM

        @sdetweil Noted! Thanks.

        1 Reply Last reply Reply Quote 0
        • L Offline
          lavolp3 Module Developer @OneAsianTortoise
          last edited by May 5, 2020, 2:09 PM

          @OneAsianTortoise I wouldn’t do much about it as well. As @sdetweil said, they are only warnings. Your mirror will run with these warnings.
          What I think is unproblematic is running:

          npm audit fix

          These are automatic fixes on the vulnerabilities that are obvious for the system.
          I haven’t heard of anyone breaking their software doing this.

          How to troubleshoot modules
          MMM-soccer v2, MMM-AVStock

          O 1 Reply Last reply May 5, 2020, 2:13 PM Reply Quote 1
          • O Offline
            OneAsianTortoise @lavolp3
            last edited by May 5, 2020, 2:13 PM

            @lavolp3 npm audit fix won’t fix them, but i’m glad to hear that i don’t really have to do anything with them now :D.

            1 Reply Last reply Reply Quote 0
            • 1 / 1
            1 / 1
            • First post
              1/5
              Last post
            Enjoying MagicMirror? Please consider a donation!
            MagicMirror created by Michael Teeuw.
            Forum managed by Sam, technical setup by Karsten.
            This forum is using NodeBB as its core | Contributors
            Contact | Privacy Policy