Navigation

    MagicMirror Forum

    • Register
    • Login
    • Search
    • Recent
    • Tags
    • Unsolved
    • Solved
    • MagicMirror² Repository
    • Documentation
    • Donate
    • Discord

    npm install vulnerabilities

    Troubleshooting
    3
    5
    49
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      OneAsianTortoise last edited by OneAsianTortoise

      I don’t know why, but I always got vulnerabilities error on every npm install.

      I have tried the following steps.

      “npm rebuild”
      “npm uninstall --save-dev mocha-logger”
      “npm install --save-dev mocha-logger@latest”
      “npm install minimist@latest”
      “npm update”

      I also have deleted the entire magic mirror, and try to install it again twice, but still get the same error.
      And I also have reinstall raspbian buster for three times, and I still get the same error.

      ┌───────────────┬──────────────────────────────────────────────────────────────┐
      │ Low           │ Prototype Pollution                                          │
      ├───────────────┼──────────────────────────────────────────────────────────────┤
      │ Package       │ minimist                                                     │
      ├───────────────┼──────────────────────────────────────────────────────────────┤
      │ Patched in    │ >=0.2.1 <1.0.0 || >=1.2.3                                    │
      ├───────────────┼──────────────────────────────────────────────────────────────┤
      │ Dependency of │ mocha-logger [dev]                                           │
      ├───────────────┼──────────────────────────────────────────────────────────────┤
      │ Path          │ mocha-logger > mocha > mkdirp > minimist                     │
      ├───────────────┼──────────────────────────────────────────────────────────────┤
      │ More info     │ https://npmjs.com/advisories/1179                            │
      └───────────────┴──────────────────────────────────────────────────────────────┘
      ┌───────────────┬──────────────────────────────────────────────────────────────┐
      │ Low           │ Prototype Pollution                                          │
      ├───────────────┼──────────────────────────────────────────────────────────────┤
      │ Package       │ minimist                                                     │
      ├───────────────┼──────────────────────────────────────────────────────────────┤
      │ Patched in    │ >=0.2.1 <1.0.0 || >=1.2.3                                    │
      ├───────────────┼──────────────────────────────────────────────────────────────┤
      │ Dependency of │ spectron [dev]                                               │
      ├───────────────┼──────────────────────────────────────────────────────────────┤
      │ Path          │ spectron > webdriverio > optimist > minimist                 │
      ├───────────────┼──────────────────────────────────────────────────────────────┤
      │ More info     │ https://npmjs.com/advisories/1179                            │
      └───────────────┴──────────────────────────────────────────────────────────────┘
      

      what’s worse that when I try to install other module. npm install will give me more vulnerabilities error.

      I’m a absolute beginner, and I don’t really know what I do wrong, please help me. This mirror thingy is slowly driving me insane.

      S lavolp3 2 Replies Last reply Reply Quote 0
      • S
        sdetweil @OneAsianTortoise last edited by sdetweil

        @OneAsianTortoise those are just warnings. Most times u can’t do anything about them

        Some fixes will break MagicMirror

        O 1 Reply Last reply Reply Quote 1
        • O
          OneAsianTortoise @sdetweil last edited by

          @sdetweil Noted! Thanks.

          1 Reply Last reply Reply Quote 0
          • lavolp3
            lavolp3 Module Developer @OneAsianTortoise last edited by

            @OneAsianTortoise I wouldn’t do much about it as well. As @sdetweil said, they are only warnings. Your mirror will run with these warnings.
            What I think is unproblematic is running:

            npm audit fix
            

            These are automatic fixes on the vulnerabilities that are obvious for the system.
            I haven’t heard of anyone breaking their software doing this.

            O 1 Reply Last reply Reply Quote 1
            • O
              OneAsianTortoise @lavolp3 last edited by

              @lavolp3 npm audit fix won’t fix them, but i’m glad to hear that i don’t really have to do anything with them now :D.

              1 Reply Last reply Reply Quote 0
              • 1 / 1
              • First post
                Last post
              Enjoying MagicMirror? Please consider a donation!
              MagicMirror created by Michael Teeuw.
              Forum managed by Paul-Vincent Roll and Rodrigo Ramírez Norambuena.
              This forum is using NodeBB as its core | Contributors
              Contact | Privacy Policy