There are 4 high severity vulnerabilities in TestCafe. How to fix them? - security

I have started working with TestCafe 2.2.0.
The following was noted in the console:
up to date, audited 598 packages in 8s
72 packages are looking for funding
run `npm fund` for details
4 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
How to fix the vulnerabilities?
npm audit fix --force does not work.

These vulnerabilities are already fixed in testcafe@2.3.0-rc.2.

Related

When I install Axios an audit error occurs

This is the error I get when running the command npm i axios:
up to date, audited 1469 packages in 6s
226 packages are looking for funding
run `npm fund` for details
6 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
Here, I use VS Code and typed that command in its terminal.
I keep getting this error when trying to install axios, and I am not sure how to fix this.
Could this be a problem for my future coding?
This is a result of the new npm version including the audit command.
It isn't some new issue with the CLI; npm just introduced new functionality to warn users about vulnerabilities in the packages they're installing, so there's no "new" vulnerability, it's just that npm is now warning you about vulnerabilities that already existed: https://blog.npmjs.org/
If you have run npm audit and got vulnerabilities, then you can have different scenarios:
Security vulnerabilities found with suggested updates
Run the npm audit fix subcommand to automatically install compatible updates to vulnerable dependencies.
Run the recommended commands individually to install updates to vulnerable dependencies. (Some updates may be semver-breaking changes; for more information, see "SEMVER warnings".)
Security vulnerabilities found requiring manual review
If security vulnerabilities are found, but no patches are available, the audit report will provide information about the vulnerability so you can investigate further.
You can read more about it here.
If it is still not fixed even after running npm audit fix, you can turn off npm audit. Use the commands below to turn off npm audit.
When installing a single package:
npm install example-package-name --no-audit
To turn off npm audit when installing all packages:
npm set audit false
It will set the audit setting to false in your user and global npmrc config files.
If you still want to fix them, you can refer to this article about how to.
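The three situations the answer above lists (a compatible update that npm audit fix applies, an update that is semver-breaking, and a finding with no patch that needs manual review) can be read directly from the machine-readable report that npm audit --json prints. The script below is an added example and is not part of the original answer or of npm itself; the report it parses is constructed for the example (package names, advisory ids and URLs are placeholders), but the field names (vulnerabilities, via, fixAvailable, isSemVerMajor, metadata) are the ones npm 7 and later emit in auditReportVersion 2 reports.

```javascript
// Triage an `npm audit --json` report (auditReportVersion 2, as emitted by npm 7
// and later) into the three situations described above: findings `npm audit fix`
// can patch with a compatible update, findings whose only fix is a semver-major
// bump (what `npm audit fix --force` would do), and findings with no fix at all
// that need manual review.
// SAMPLE_REPORT is CONSTRUCTED for this example: package names, advisory ids and
// URLs are placeholders, not real advisories.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": {
      name: "example-parser", severity: "high", isDirect: false,
      via: [{ source: 1000, name: "example-parser", title: "Prototype pollution (constructed)",
              url: "https://example.invalid/advisories/1000", severity: "high", range: "<1.2.3" }],
      effects: ["example-cli"], range: "<1.2.3",
      nodes: ["node_modules/example-parser"],
      fixAvailable: true,                       // compatible update exists
    },
    "example-dev-server": {
      name: "example-dev-server", severity: "high", isDirect: false,
      via: [{ source: 1001, name: "example-dev-server", title: "Missing origin validation (constructed)",
              url: "https://example.invalid/advisories/1001", severity: "high", range: "<3.1.11" }],
      effects: ["example-scripts"], range: "<3.1.11",
      nodes: ["node_modules/example-scripts/node_modules/example-dev-server"],
      fixAvailable: { name: "example-scripts", version: "2.1.2", isSemVerMajor: true },
    },
    "example-scripts": {
      name: "example-scripts", severity: "high", isDirect: true,
      via: ["example-dev-server"],              // vulnerable only through its dependency
      effects: [], range: "<=1.1.5",
      nodes: ["node_modules/example-scripts"],
      fixAvailable: { name: "example-scripts", version: "2.1.2", isSemVerMajor: true },
    },
    "example-legacy": {
      name: "example-legacy", severity: "low", isDirect: true,
      via: [{ source: 1002, name: "example-legacy", title: "ReDoS (constructed)",
              url: "https://example.invalid/advisories/1002", severity: "low", range: "*" }],
      effects: [], range: "*",
      nodes: ["node_modules/example-legacy"],
      fixAvailable: false,                      // no patched release exists
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 3, critical: 0, total: 4 } },
};

// Map one vulnerabilities[] entry to the action it needs.
function classify(entry) {
  const fix = entry.fixAvailable;
  if (fix === false || fix == null) return "manual-review";
  if (fix === true) return "auto-fix";                  // `npm audit fix` handles it
  return fix.isSemVerMajor ? "semver-major" : "auto-fix";
}

// Group findings by required action and count them by severity. Entries whose
// `via` holds only package-name strings are not root causes: they are vulnerable
// through a dependency and disappear once that dependency is fixed.
function triage(report) {
  const buckets = { "auto-fix": [], "semver-major": [], "manual-review": [] };
  const bySeverity = { critical: 0, high: 0, moderate: 0, low: 0, info: 0 };
  for (const entry of Object.values(report.vulnerabilities)) {
    bySeverity[entry.severity] = (bySeverity[entry.severity] || 0) + 1;
    const advisories = entry.via.filter((v) => typeof v === "object");
    buckets[classify(entry)].push({
      name: entry.name,
      severity: entry.severity,
      direct: entry.isDirect,
      rootCause: advisories.length > 0,
      fix: typeof entry.fixAvailable === "object"
        ? `npm install ${entry.fixAvailable.name}@${entry.fixAvailable.version}`
        : entry.fixAvailable ? "npm audit fix" : "none published",
      advisories: advisories.map((v) => v.url),
    });
  }
  return { bySeverity, buckets };
}

// Cross-check our per-severity count against the report's own metadata block.
function countsMatchMetadata(report, result) {
  const meta = report.metadata.vulnerabilities;
  return ["critical", "high", "moderate", "low", "info"]
    .every((s) => (meta[s] || 0) === result.bySeverity[s]);
}

// Render the triage in the order a practitioner acts on it.
function render(result) {
  const lines = [`by severity: ${JSON.stringify(result.bySeverity)}`];
  for (const [bucket, items] of Object.entries(result.buckets)) {
    lines.push(`${bucket} (${items.length}):`);
    for (const it of items) {
      lines.push(`  ${it.severity.padEnd(8)} ${it.name}${it.direct ? " [direct]" : ""}` +
                 `${it.rootCause ? "" : " (via dependency)"} -> ${it.fix}`);
    }
  }
  return lines.join("\n");
}

const TRIAGE = triage(SAMPLE_REPORT);
console.log(render(TRIAGE));
```

To run it against a real project, replace SAMPLE_REPORT with the parsed output of npm audit --json. The "manual-review" bucket is the one that --force cannot help with and that decides whether a dependency has to be swapped out, while the "semver-major" bucket is where breaking changes would come from.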

NPM install is not working when I try to install @solana/web3.js

For some reason, whenever I run npm install --save @solana/web3.js in the terminal, it always gives me this:
removed 16 packages, changed 1 package, and audited 1951 packages in 2m
135 packages are looking for funding
run `npm fund` for details
59 vulnerabilities (5 low, 16 moderate, 14 high, 24 critical)
To address issues that do not require attention, run:
npm audit fix
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
But when I check in the project folder, there's nothing there. And it doesn't give me an error either. How do I fix this? I looked at this question, but it doesn't really answer the problem.
Would really appreciate any feedback, thank you!

How can I fix this error: "npm WARN deprecated mimelib@0.3.1: This project is unmaintained"?

Hoping you can help me figure mimelib out.
Trying to install this React script with my limited React experience, and I have a myriad of errors doing different things...
I'm running this script:
https://github.com/webdesignleader/referBeam
Getting this console error:
$ npm update
npm WARN deprecated mimelib@0.3.1: This project is unmaintained
npm WARN deprecated mailparser@0.6.2: Mailparser versions older than v2.3.0 are deprecated
changed 10 packages, and audited 760 packages in 27s
12 packages are looking for funding
run `npm fund` for details
48 vulnerabilities (4 low, 12 moderate, 27 high, 5 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
Please help me fix this the right way.
Thank you!!!
This is not an error, just a warning, because the mimelib package is not maintained anymore and you will not get any updates for it in the future. You can check over here as well.
Your project can still work, but this warning is basically telling you to remove this package, as no one is maintaining it; I just checked and it hasn't even been updated in the last 5 years.

Discord.js play an audio file errors

Hi everyone, I wanted to ask if any of you could solve the following problem:
I wanted to play audio in a voice channel but I can't; I managed to connect to the channel, but when I have to run the audio file it crashes.
When I install the modules it gives me the following errors:
> ffmpeg-static@4.4.0 install C:\Discord\Jawsbot\node_modules\ffmpeg-static
> node install.js
Downloading ffmpeg 4.4 [||||||||||||||||||||] 100% 0.0s
Failed to download the ffmpeg README.
npm WARN jawsbot@1.0.0 No description
npm WARN jawsbot@1.0.0 No repository field.
+ ffmpeg-static@4.4.0
added 15 packages from 44 contributors, updated 29 packages and audited 44 packages in 7.985s
found 6 vulnerabilities (2 low, 1 moderate, 3 high)
run `npm audit fix` to fix them, or `npm audit` for details
C:\Discord\Jawsbot>npm install @discordjs/opus
> @discordjs/opus@0.5.3 install C:\Discord\Jawsbot\node_modules\@discordjs\opus
> node-pre-gyp install --fallback-to-build
[@discordjs/opus] Success: "C:\Discord\Jawsbot\node_modules\@discordjs\opus\prebuild\node-v83-napi-v3-win32-x64-unknown-unknown\opus.node" is installed via remote
npm WARN jawsbot@1.0.0 No description
npm WARN jawsbot@1.0.0 No repository field.
+ @discordjs/opus@0.5.3
added 45 packages from 90 contributors and audited 89 packages in 20.077s
3 packages are looking for funding
run `npm fund` for details
found 6 vulnerabilities (2 low, 1 moderate, 3 high)
run `npm audit fix` to fix them, or `npm audit` for details
C:\Discord\Jawsbot>npm install opusscript
npm WARN jawsbot@1.0.0 No description
npm WARN jawsbot@1.0.0 No repository field.
+ opusscript@0.0.8
added 1 package from 1 contributor and audited 90 packages in 1.316s
3 packages are looking for funding
run `npm fund` for details
These are just warnings, not errors. There is no need to be alarmed; in the future, if you see these warnings, just know that 99% of the time you can ignore them and you should be fine.
I found that instead of channel I had to use connection.play, but now the bot joins and does nothing, and does not even give an error. The piece of code that plays the file is as follows:
// Look up the voice channel by its id in the guild's channel cache
var channel = message.guild.channels.cache.get("842859974324518913");
if (!channel) return console.error("The channel does not exist!");
// Join the channel, then play the local file on the resulting connection
channel.join().then(connection => {
  const dispatcher = connection.play('./audios/private.mp3');
  // Leave the channel once the dispatcher reports that playback has ended
  dispatcher.on("end", end => {
    channel.leave();
  });
});

Trying to make sense of npm audit results

Background
If I do npm audit on a ReactJS application we haven't touched in a year (until recently), I get the following summary:
found 356 vulnerabilities (321 low, 20 moderate, 14 high, 1 critical)
in 11345 scanned packages run `npm audit fix` to fix 3 of them.
353 vulnerabilities require semver-major dependency updates.
If I do that npm audit fix, those 3 vulnerabilities are resolved; the others are not, because they are breaking changes.
Doing another npm audit I get this summary:
found 71 vulnerabilities (36 low, 20 moderate, 14 high, 1 critical) in 11345 scanned packages
71 vulnerabilities require semver-major dependency updates.
At the top of the audit:
Run npm install react-scripts@2.1.2 to resolve 71 vulnerabilities SEMVER WARNING: Recommended action is a potentially breaking change
After I do that npm install react-scripts@2.1.2, the vulnerabilities are reduced to only 1:
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
High Missing Origin Validation
Package webpack-dev-server
Patched in >=3.1.11
Dependency of react-scripts
Path react-scripts > webpack-dev-server
More info https://nodesecurity.io/advisories/725
After I do a npm install webpack-dev-server@3.1.14, I get 2 new issues:
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
High Missing Origin Validation
Package webpack-dev-server
Patched in >=3.1.11
Dependency of react-scripts
Path react-scripts > webpack-dev-server
More info https://nodesecurity.io/advisories/725
High Missing Origin Validation
Package webpack-dev-server
Patched in >=3.1.11
Dependency of webpack-dev-server
Path webpack-dev-server
More info https://nodesecurity.io/advisories/725
That more info link suggests an update to version 3.1.6 or later. What I do is way higher than that ...
Questions
To have a better understanding of what npm audit does, I'd like to discuss the following remarks:
Why does doing npm install webpack-dev-server@3.1.14 add an issue, rather than fix the one mentioned before? Looks like the previous issue remains even ...
Why does the vulnerabilities count drop from 356 to 71 after fixing only 3 issues while the total packages count is the same?
Why did the audit not suggest that I do npm install webpack-dev-server@3.1.11 or higher if it knows the issue has been patched since 3.1.11? It did know npm install react-scripts@2.1.2 was necessary earlier.
What should I do to fix the issue mentioned in question #1?
PS: That nodesecurity link suggests updating webpack-dev-server to version 3.1.6 or higher. I'm doing much higher than that ...
PPS: I tried npm install webpack-dev-server@3.1.11 as well, no difference.
The advisory page for the webpack-dev-server vulnerability listed the latest version as an affected version. This was caused by a typo in the npm security repository, as reported in a thread in the npm community forum. The typo was fixed a few hours later.
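Independently of the advisory typo described in the answer, the audit output in the question lists two dependency paths for webpack-dev-server (react-scripts > webpack-dev-server and a top-level webpack-dev-server), and the check a practitioner wants after installing a newer version is whether every installed copy, including copies nested under other dependencies, actually satisfies the advisory's "Patched in >=3.1.11" range. The script below is an added example, not code from the original post, from npm or from the advisory database. It walks a dependency tree in the shape npm ls --all --json prints; the tree is constructed for the example, and the nested version 3.1.9 is an assumption for illustration, not a version the page reports. The range matcher is a small simplification of npm's semver syntax (comparators, spaces as AND, || as OR, and * for all versions), which is enough for the ranges advisories print.

```javascript
// Walk a dependency tree in the shape `npm ls --all --json` prints and report
// every installed copy of one package, with its path, against a patched-version
// range such as the "Patched in >=3.1.11" line in the audit output above.
// SAMPLE_TREE is CONSTRUCTED for this example; the nested 3.1.9 is an assumption.
const SAMPLE_TREE = {
  name: "my-react-app", version: "0.1.0",
  dependencies: {
    "webpack-dev-server": { version: "3.1.14" },        // top-level copy just installed
    "react-scripts": {
      version: "2.1.2",
      dependencies: {
        "webpack-dev-server": { version: "3.1.9" },    // nested copy react-scripts still uses
      },
    },
  },
};

// Parse "1.2.3" or "1.2.3-rc.2" into comparable parts; a prerelease sorts below its release.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Returns -1, 0 or 1 like a comparator for Array.prototype.sort.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] < pb.nums[i] ? -1 : 1;
  }
  if (pa.pre === pb.pre) return 0;
  if (pa.pre === null) return 1;   // release > prerelease of the same version
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : 1;
}

// Ranges in advisories look like ">=3.1.11", "<1.2.3" or "<0.2.1 || >=1.0.0 <1.2.3".
// Comparators separated by spaces are ANDed, "||" alternatives are ORed, "*" matches all.
function satisfies(version, range) {
  return range.split("||").some((alt) => {
    const comps = alt.trim().split(/\s+/).filter(Boolean);
    if (comps.length === 0 || comps[0] === "*") return true;
    return comps.every((comp) => {
      const m = /^(>=|<=|>|<|=)?(.+)$/.exec(comp);
      const op = m[1] || "=";
      const c = compareVersions(version, m[2]);
      return { ">=": c >= 0, "<=": c <= 0, ">": c > 0, "<": c < 0, "=": c === 0 }[op];
    });
  });
}

// Collect every installed copy of `pkg` as { path, version }, nested copies included.
function findCopies(tree, pkg, path = []) {
  const found = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const here = [...path, name];
    if (name === pkg) found.push({ path: here.join(" > "), version: node.version });
    found.push(...findCopies(node, pkg, here));
  }
  return found;
}

// Copies that do NOT satisfy the patched range are the ones the audit will keep reporting.
function unpatchedCopies(tree, pkg, patchedRange) {
  return findCopies(tree, pkg).filter((c) => !satisfies(c.version, patchedRange));
}

const PATCHED = ">=3.1.11";
for (const copy of findCopies(SAMPLE_TREE, "webpack-dev-server")) {
  const ok = satisfies(copy.version, PATCHED);
  console.log(`${ok ? "OK       " : "UNPATCHED"} ${copy.path} @ ${copy.version}`);
}
```

Feeding the real output of npm ls --all --json into findCopies shows immediately whether a top-level npm install of a newer version reached the copy that the audited path actually points at, or whether a nested copy pinned by an intermediate dependency (react-scripts in the question) is still installed alongside it.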
