RE: Setting Up Magic Mirror on Ubuntu issue

I don’t even know how to describe this… So after fixing the acorn issue, the lodash issue reappeared. For some reason, I can no longer fix the lodash issue (even with sudo and root terminal). It just would not let me install lodash 4.17.5 or even the newest version because of the vulnerability.

I’m hypothesizing that MM might be using something that is dependent on a previous version of lodash that conflicts with Ubuntu’s security vulnerability

---

Here is an article referring the lodash vulnerabilities existing in versions prior to 4.17.11:

https://resources.whitesourcesoftware.com/blog-whitesource/top-5-open-source-security-vulnerabilities-november-2018

---

Conclusion.

After updating my system’s lodash file to 4.17.12 through a root terminal, I was able to resolve updating issues related to lodash within the MM directory. The only issue is the message about the vulnerability that is not resolvable with npm audit fix

Starting the program displays the message that MagicMirror is online yet the UI does not change.

I’m going to stick with Raspbian for now

Thank you, I was able to fix the lodash issue only through a root terminal.

But a warning pops up saying:

npm WARN acorn-jsx@5.0.1 requires a peer of acorn@^6.0.0 but none is installed.
You must install peer dependencies yourself.

---

I read somewhere that this could be an npm issue or a bug. Still trying to figure it out. The issue now is to find acorn@^6.0.0 and the location to install it to. Hopefully that should fix the issue, any ideas?

I’ve tried the manual install. After going through several audit installs, this is the final one that I could not get through. Anyone have any experience in resolving this issue?

Note: I’m using ubuntu mate on my pi 3 instead of Raspbian

Thanks