Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

npm audit warnings #4

Open
lestephane opened this issue May 22, 2022 · 1 comment
Open

npm audit warnings #4

lestephane opened this issue May 22, 2022 · 1 comment

Comments

@lestephane
Copy link

When considering a starter project for my content script I either landed on:

Because of npm audit problems, I'd rather not touch this project. It's suprising that not touching a project for half a year leads to so many vulnerabilities. Is the npm ecosystem leading to write-once, throw away projects? Anyway, that is besides the point.

BUT, the problem is that it's linked to from a blog post at https://blog.logrocket.com/creating-chrome-extension-react-typescript/, so it's not going anywhere soon. If the project won't be modified anymore, there should a warning to use xyz instead, or a specific fork that is more up to date should be nominated.

$ npm audit
...(garbage)...
36 vulnerabilities (11 moderate, 21 high, 4 critical)

To address issues that do not require attention, run:
  npm audit fix
$ npm audit fix
...(garbage)... 
28 vulnerabilities (10 moderate, 16 high, 2 critical)

To address issues that do not require attention, run:
  npm audit fix
$ npm audit fix
...(garbage)...
28 vulnerabilities (10 moderate, 16 high, 2 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force
$ npm audit fix --force
...(garbage)...
6 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force
$ npm audit fix --force
...(garbage)...
66 vulnerabilities (14 low, 26 moderate, 25 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force
$ npm audit fix
npm ERR! code ERR_INVALID_ARG_TYPE
npm ERR! The "from" argument must be of type string. Received undefined

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/lestephane/.npm/_logs/2022-05-22T06_16_03_876Z-debug-0.log
@bajcmartinez
Copy link
Owner

bajcmartinez commented May 31, 2022
edited
Loading

Hi @lestephane, thanks for submitting the report.

I was aware of these issues, however, it is not that easy to fix. As I'm using craco to set the configuration for CRA, there's currently a limitation in upgrading react-scripts to v5 (dilanx/craco#378).

Until the team at Craco can fix that I can't upgrade all versions as needed.

We gotta love the JS ecosystem...

If you know a way to upgrade the dependencies, please, feel free to submit a PR and I'll review it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lestephane @bajcmartinez