Need Help - Absolute Beginner - Code Posted!

bumrocks

This is on a fresh Rasbian w/Desktop install and Node v10 install on a Rasberry Pi 4, as per the manual install directions. I just completed the Magic Mirror 2 install but it makes the following statement at end of install…

MagicMirror installation finished successfully! 

npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.2 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"arm"})

added 1052 packages from 1150 contributors and audited 1054 packages in 1236.54s

75 packages are looking for funding
  run `npm fund` for details

found 25 vulnerabilities (23 low, 2 moderate)
  run `npm audit fix` to fix them, or `npm audit` for details

^ Above is the part that worries me…Thank you for any help and suggestions!

Edit: I just viewed the funding part and originally did not expect 75 different app contributors and believe it was in reference to actual funding…So, my concern is just in regards to the vulnerabilities…I will post an audit of them in just a minute…

sdetweil

@bumrocks yes, just a warning… nothing u can do about it…

should use the installer script from here
https://github.com/sdetweil/MagicMirror_scripts

sdetweil

@bumrocks as I said, nothing u can do… u can run audit fix, and u might get better, or might end with it not running…

many of the ‘fixes’ require breaking changes…

bumrocks

@sdetweil
Thank you for such a quick response! Going by magicmirrors.builders installation guidelines I was scared out of using any scripts and opted to go the manual route as it was the only way that was technically supported, at least by Michael and his “team”…At this point are you recommending I wipe my current install and use the script you recommend? Does it include Node v10 and I therefore need to wipe it too?

sdetweil

@bumrocks my scripts are listed as ‘alternative’ right below
it also uses node 10, and would have installed for you … also fixes some odds and ends
you can go ahead, or rename you magicmirror folder to some other name and run the script…
it will also setup pm2 for restart after boot and disable screensaver (if u say yes at the respective prompts)

Alternative Installation Methods
The following installation methods are not maintained by the MagicMirror² core team. Use these scripts and methods at your own risk.

#Automatic Installation Scripts
Sam (@sdetweil, long time contributor of the MagicMirror² framework) maintains a easy to use installation and update script: https://github.com/sdetweil/MagicMirror_scripts

bumrocks

@sdetweil

Good looking out! And yes, I saw where you were listed as an alternate “authorized” way to install but let the “manual” message put the grip of fear on me, lol! I will do as you suggested and appreciate the help and tips!

BKeyport

vulnerabilities aren’t to be worried about if the project isn’t going to peek out to the internet.

bumrocks

@BKeyport
Which makes perfect sense but I am unclear what exactly might be peeking out if it connects to Internet for calendar stuff (intend to connect Google Calendar), updates for weather, Youtube module, and Amazon Alexa (if module is available)…I assume that all of these are in some way peeking and that most Magic Mirrors do in various ways. But, I am just a noob and can not say with any certainty. At the least, it is a daunting statement using the word “vulnerabilities”.

Let me also add, it is quite confusing that the developer and his team recommend doing the manual install but leave out such specifics and how to handle them when they arise. I am not the first or last person to make this attempt with a Rasberry Pi 4 and with me following the directions given within the terminal I still end up with…

fixed 15 of 20 vulnerabilities in 1052 scanned packages
  3 vulnerabilities required manual review and could not be updated
  2 package updates for 2 vulnerabilities involved breaking changes
  (use `npm audit fix --force` to install breaking changes; or refer to `npm audit` for steps to fix these manually)

Which absolutely leaves a noob such as I in a state of confusion as to what to do. Continuing on and leaving that by the wayside I get to the configuration of the config file and low and behold things that the instructions say I can alter or change are not available at all…zoom, electronOptions, & customCss are nonexistent from my config file. I see great care to help absolute beginners in various ways but some of the most basic instructions are either wrong or completely missing. I am thankful, do not get me wrong, for this site, this app, the developers, the input, etc. Figuring out stuff on my own will help me retain the knowledge and only better me in the future but I can’t help but feel bad for those that are less computer savvy as an absolute beginner. Sorry for my slight rant! Not sure why I started on it but my intention is not to be a negative dick. I have spent way more hours and $ on this project that I originally planned or anticipated as I assumed wrongfully that this would be easy. Nobody’s fault but my own.

sdetweil

@bumrocks they CAN be altered, but are not there by default… yes, you have to discover them , if u have the need

as for the issues and vulnerabilities, they are not in the MM code, but code it uses and that those use… where the MM owners have little to no control (or exposure to the problem)

but many of the issues you present are why I built up the installer and updater scripts, to get you up and running, regardless of your platform choice

this remains a volunteer project, where, if u are interested you can contribute. It is NOT a ‘product’

BKeyport

@bumrocks In this case, if it’s not serving anything to the public, it’s generally fine. Grabbing things off the internet is usually fine… so, as long as you’re just grabbing things from the net, and it’s webports are not outside, you’re golden.