MagicMirror Forum
    • Register
    • Login
    • Search
    • Recent
    • Tags
    • Unsolved
    • Solved
    • MagicMirror² Repository
    • Documentation
    • Donate
    • Discord

    UNSOLVED WARN notice [SECURITY] lodash has the following vulnerability....

    Troubleshooting
    3
    5
    817
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MWel1977 last edited by

      Hi everybody,

      just did a fresh and new install of the latest Rasbian installation on my Pi 3B+ and installed MM2 again.
      However during installation I got a lot of notifications about vulnerability’s and that I had to run: npm i npm@latest -g.
      But is that normal?? I just did a fresh installation on an new sd card and already I have an outdated someting???

      lavolp3 1 Reply Last reply Reply Quote 0
      • lavolp3
        lavolp3 Module Developer @MWel1977 last edited by

        @mwel1977 Experienced the same. npm is doing audits now. Don’t know since when. However they are not errors, only vulnerabilities.
        Do a

        npm audit

        and find out more about them.

        How to troubleshoot modules
        MMM-soccer v2, MMM-AVStock

        1 Reply Last reply Reply Quote 0
        • Mykle1
          Mykle1 Project Sponsor Module Developer last edited by

          Perhaps worth mentioning

          Recently, I wiped a laptop and installed the newest ubuntu (18.04?), the latest stable node and then MM. The MM installation reported way too many vulnerabilities. I didn’t like that at all. I wiped the laptop again but this time I installed ubuntu 16.04 LTS, the latest stable node and MM. Not one vulnerability reported. Odd.

          Create a working config
          How to add modules

          lavolp3 1 Reply Last reply Reply Quote 0
          • lavolp3
            lavolp3 Module Developer @Mykle1 last edited by

            @mykle1 So what were the respective versions of node? Maybe the older ubuntu version uses an older node version?
            I had the feeling that it was purely note-related but I may be wrong.

            How to troubleshoot modules
            MMM-soccer v2, MMM-AVStock

            1 Reply Last reply Reply Quote 0
            • Mykle1
              Mykle1 Project Sponsor Module Developer last edited by

              In both cases, I installed node 10.13.0 LTS. ubuntu 16.04 LTS had no complaints and issued no warnings. It’s the
              newer/latest LTS version of ubuntu where node issued all those warnings. Go figure.

              Create a working config
              How to add modules

              1 Reply Last reply Reply Quote 0
              • 1 / 1
              • First post
                Last post
              Enjoying MagicMirror? Please consider a donation!
              MagicMirror created by Michael Teeuw.
              Forum managed by Paul-Vincent Roll and Rodrigo Ramírez Norambuena.
              This forum is using NodeBB as its core | Contributors
              Contact | Privacy Policy