MagicMirror Forum
    • Recent
    • Tags
    • Unsolved
    • Solved
    • MagicMirror² Repository
    • Documentation
    • 3rd-Party-Modules
    • Donate
    • Discord
    • Register
    • Login
    A New Chapter for MagicMirror: The Community Takes the Lead
    Read the statement by Michael Teeuw here.

    WARN notice [SECURITY] lodash has the following vulnerability....

    Scheduled Pinned Locked Moved Unsolved Troubleshooting
    5 Posts 3 Posters 1.3k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      MWel1977
      last edited by

      Hi everybody,

      just did a fresh and new install of the latest Rasbian installation on my Pi 3B+ and installed MM2 again.
      However during installation I got a lot of notifications about vulnerability’s and that I had to run: npm i npm@latest -g.
      But is that normal?? I just did a fresh installation on an new sd card and already I have an outdated someting???

      lavolp3L 1 Reply Last reply Reply Quote 0
      • lavolp3L Offline
        lavolp3 Module Developer @MWel1977
        last edited by

        @mwel1977 Experienced the same. npm is doing audits now. Don’t know since when. However they are not errors, only vulnerabilities.
        Do a

        npm audit

        and find out more about them.

        How to troubleshoot modules
        MMM-soccer v2, MMM-AVStock

        1 Reply Last reply Reply Quote 0
        • Mykle1M Offline
          Mykle1 Project Sponsor Module Developer
          last edited by

          Perhaps worth mentioning

          Recently, I wiped a laptop and installed the newest ubuntu (18.04?), the latest stable node and then MM. The MM installation reported way too many vulnerabilities. I didn’t like that at all. I wiped the laptop again but this time I installed ubuntu 16.04 LTS, the latest stable node and MM. Not one vulnerability reported. Odd.

          Create a working config
          How to add modules

          lavolp3L 1 Reply Last reply Reply Quote 0
          • lavolp3L Offline
            lavolp3 Module Developer @Mykle1
            last edited by

            @mykle1 So what were the respective versions of node? Maybe the older ubuntu version uses an older node version?
            I had the feeling that it was purely note-related but I may be wrong.

            How to troubleshoot modules
            MMM-soccer v2, MMM-AVStock

            1 Reply Last reply Reply Quote 0
            • Mykle1M Offline
              Mykle1 Project Sponsor Module Developer
              last edited by

              In both cases, I installed node 10.13.0 LTS. ubuntu 16.04 LTS had no complaints and issued no warnings. It’s the
              newer/latest LTS version of ubuntu where node issued all those warnings. Go figure.

              Create a working config
              How to add modules

              1 Reply Last reply Reply Quote 0
              • 1 / 1
              • First post
                Last post
              Enjoying MagicMirror? Please consider a donation!
              MagicMirror created by Michael Teeuw.
              Forum managed by Sam, technical setup by Karsten.
              This forum is using NodeBB as its core | Contributors
              Contact | Privacy Policy