MagicMirror Forum
    • Recent
    • Tags
    • Unsolved
    • Solved
    • MagicMirror² Repository
    • Documentation
    • 3rd-Party-Modules
    • Donate
    • Discord
    • Register
    • Login
    A New Chapter for MagicMirror: The Community Takes the Lead
    Read the statement by Michael Teeuw here.

    npm install vulnerabilities

    Scheduled Pinned Locked Moved Troubleshooting
    5 Posts 3 Posters 923 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O Offline
      OneAsianTortoise
      last edited by OneAsianTortoise

      I don’t know why, but I always got vulnerabilities error on every npm install.

      I have tried the following steps.

      “npm rebuild”
      “npm uninstall --save-dev mocha-logger”
      “npm install --save-dev mocha-logger@latest”
      “npm install minimist@latest”
      “npm update”

      I also have deleted the entire magic mirror, and try to install it again twice, but still get the same error.
      And I also have reinstall raspbian buster for three times, and I still get the same error.

      ┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.2.1 <1.0.0 || >=1.2.3                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ mocha-logger [dev]                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ mocha-logger > mocha > mkdirp > minimist                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1179                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.2.1 <1.0.0 || >=1.2.3                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ spectron [dev]                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ spectron > webdriverio > optimist > minimist                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1179                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

      what’s worse that when I try to install other module. npm install will give me more vulnerabilities error.

      I’m a absolute beginner, and I don’t really know what I do wrong, please help me. This mirror thingy is slowly driving me insane.

      S lavolp3L 2 Replies Last reply Reply Quote 0
      • S Do not disturb
        sdetweil @OneAsianTortoise
        last edited by sdetweil

        @OneAsianTortoise those are just warnings. Most times u can’t do anything about them

        Some fixes will break MagicMirror

        Sam

        How to add modules

        learning how to use browser developers window for css changes

        O 1 Reply Last reply Reply Quote 1
        • O Offline
          OneAsianTortoise @sdetweil
          last edited by

          @sdetweil Noted! Thanks.

          1 Reply Last reply Reply Quote 0
          • lavolp3L Offline
            lavolp3 Module Developer @OneAsianTortoise
            last edited by

            @OneAsianTortoise I wouldn’t do much about it as well. As @sdetweil said, they are only warnings. Your mirror will run with these warnings.
            What I think is unproblematic is running:

            npm audit fix

            These are automatic fixes on the vulnerabilities that are obvious for the system.
            I haven’t heard of anyone breaking their software doing this.

            How to troubleshoot modules
            MMM-soccer v2, MMM-AVStock

            O 1 Reply Last reply Reply Quote 1
            • O Offline
              OneAsianTortoise @lavolp3
              last edited by

              @lavolp3 npm audit fix won’t fix them, but i’m glad to hear that i don’t really have to do anything with them now :D.

              1 Reply Last reply Reply Quote 0

              Hello! It looks like you're interested in this conversation, but you don't have an account yet.

              Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

              With your input, this post could be even better 💗

              Register Login
              • 1 / 1
              • First post
                Last post
              Enjoying MagicMirror? Please consider a donation!
              MagicMirror created by Michael Teeuw.
              Forum managed by Sam, technical setup by Karsten.
              This forum is using NodeBB as its core | Contributors
              Contact | Privacy Policy