WARN notice [SECURITY] lodash has the following vulnerability....
-
Hi everybody,
just did a fresh and new install of the latest Rasbian installation on my Pi 3B+ and installed MM2 again.
However during installation I got a lot of notifications about vulnerability’s and that I had to run: npm i npm@latest -g.
But is that normal?? I just did a fresh installation on an new sd card and already I have an outdated someting???
-
@mwel1977 Experienced the same. npm is doing audits now. Don’t know since when. However they are not errors, only vulnerabilities.
Do anpm auditand find out more about them.
-
Perhaps worth mentioning
Recently, I wiped a laptop and installed the newest ubuntu (18.04?), the latest stable node and then MM. The MM installation reported way too many vulnerabilities. I didn’t like that at all. I wiped the laptop again but this time I installed ubuntu 16.04 LTS, the latest stable node and MM. Not one vulnerability reported. Odd.
-
@mykle1 So what were the respective versions of node? Maybe the older ubuntu version uses an older node version?
I had the feeling that it was purely note-related but I may be wrong.
-
In both cases, I installed node 10.13.0 LTS. ubuntu 16.04 LTS had no complaints and issued no warnings. It’s the
newer/latest LTS version of ubuntu where node issued all those warnings. Go figure.
