
npm install warns of severe vulnerabilities in packages + npm run build fails due to package mismatch; resolved after running "npm audit fix"

Open wolfsprite opened this issue 3 years ago • 1 comments

Ran:

git clone https://github.com/buttplugio/buttplug-developer-guide.git
cd .\buttplug-developer-guide\
npm install

which resulted in:

npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated [email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated [email protected]: This version of 'buffer' is out-of-date. You must update to v4.9.2 or newer
npm WARN deprecated [email protected]: Please update to ini >=1.3.6 to avoid a prototype pollution issue
npm WARN deprecated [email protected]: update to [email protected]
npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated [email protected]: Critical bug fixed in v3.0.1, please upgrade to the latest version.
npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated [email protected]: This SVGO version is no longer supported. Upgrade to v2.x.x.
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Critical bug fixed in v3.0.1, please upgrade to the latest version.
npm WARN deprecated [email protected]: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)

added 1192 packages, and audited 1193 packages in 56s

41 packages are looking for funding
  run `npm fund` for details

55 vulnerabilities (2 low, 25 moderate, 26 high, 2 critical)

To address issues that do not require attention, run:
  npm audit fix

It is also worth noting that after having run npm install, I attempted npm run build, which resulted in this error:

> [email protected] build
> vuepress build developer-guide

A:\World\Code\Repositories\buttplug-developer-guide\node_modules\vue-server-renderer\index.js:8
  throw new Error(
  ^

Error:

Vue packages version mismatch:

- [email protected]
- [email protected]

This may cause things to work incorrectly. Make sure to use the same version for both.

    at Object.<anonymous> (A:\World\Code\Repositories\buttplug-developer-guide\node_modules\vue-server-renderer\index.js:8:9)
    at Module._compile (node:internal/modules/cjs/loader:1101:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1153:10)
    at Module.load (node:internal/modules/cjs/loader:981:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
    at Module.require (node:internal/modules/cjs/loader:1005:19)
    at require (node:internal/modules/cjs/helpers:102:18)
    at Object.<anonymous> (A:\World\Code\Repositories\buttplug-developer-guide\node_modules\@vuepress\core\lib\node\build\index.js:11:34)
    at Module._compile (node:internal/modules/cjs/loader:1101:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1153:10)
    at Module.load (node:internal/modules/cjs/loader:981:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
    at Module.require (node:internal/modules/cjs/loader:1005:19)
    at require (node:internal/modules/cjs/helpers:102:18)
    at Object.<anonymous> (A:\World\Code\Repositories\buttplug-developer-guide\node_modules\@vuepress\core\lib\node\App.js:21:22)
    at Module._compile (node:internal/modules/cjs/loader:1101:14)

Running npm audit fix (as suggested by the npm install output) resulted in 77 vulnerabilities (62 moderate, 15 high) (more overall vulnerabilities, but fewer high and 0 critical). Also, after performing npm audit fix, npm run build successfully worked:

> [email protected] build
> vuepress build developer-guide

wait Extracting site metadata...
tip Apply theme @vuepress/theme-default ...
tip Apply plugin container (i.e. "vuepress-plugin-container") ...
tip Apply plugin @vuepress/register-components (i.e. "@vuepress/plugin-register-components") ...
tip Apply plugin @vuepress/active-header-links (i.e. "@vuepress/plugin-active-header-links") ...
tip Apply plugin @vuepress/search (i.e. "@vuepress/plugin-search") ...
tip Apply plugin @vuepress/nprogress (i.e. "@vuepress/plugin-nprogress") ...
tip Apply plugin matomo (i.e. "vuepress-plugin-matomo") ...
tip Apply plugin @vuepress/back-to-top (i.e. "@vuepress/plugin-back-to-top") ...
tip Apply plugin code-switcher (i.e. "vuepress-plugin-code-switcher") ...

√ Client
  Compiled successfully in 6.31s

√ Server
  Compiled successfully in 4.04s

wait Rendering static HTML...
success Generated static files in developer-guide\.vuepress\dist.

wolfsprite, Feb 09 '22 23:02

I'm not sure what the process would be to get this fixed in the repo itself, but I did hope to help by detailing the issue I was having and how I resolved it on my end.

wolfsprite, Feb 09 '22 23:02
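The build failure reported above comes from vue-server-renderer refusing to load beside a different vue version. As an added example (not code from the issue or the project), this Node.js script scans the `packages` map of a lockfileVersion 2/3 package-lock.json for that mismatch before a build. It generalizes slightly by also covering vue-template-compiler, which performs the same version check; the lockfile contents, versions and the `legacy-theme` package are constructed sample data.

```javascript
'use strict';
// Added example. Packages that refuse to load next to a different `vue` version.
const COMPANIONS = ['vue-server-renderer', 'vue-template-compiler'];

// Resolve `name` the way Node would from the package installed at `fromPath`:
// its own node_modules first, then each enclosing package, then the root.
function resolveFrom(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) {
      return { path: candidate, version: packages[candidate].version };
    }
    if (!dir) return null;
    const cut = dir.lastIndexOf('/node_modules/');
    dir = cut === -1 ? '' : dir.slice(0, cut);
  }
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json.
function findVueMismatches(lock) {
  const packages = lock.packages || {};
  const findings = [];
  for (const [path, meta] of Object.entries(packages)) {
    const i = path.lastIndexOf('node_modules/');
    if (i === -1) continue; // root project or workspace entry
    const name = path.slice(i + 'node_modules/'.length);
    if (!COMPANIONS.includes(name)) continue;
    const vue = resolveFrom(packages, path, 'vue');
    if (vue && vue.version !== meta.version) {
      findings.push({ name, at: path, version: meta.version, vue: vue.version });
    }
  }
  return findings;
}

// Constructed lockfile excerpt; package versions and "legacy-theme" are made up.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'sample-docs' },
    'node_modules/vue': { version: '2.6.14' },
    'node_modules/vue-server-renderer': { version: '2.6.12' },
    'node_modules/vue-template-compiler': { version: '2.6.14' },
    'node_modules/legacy-theme/node_modules/vue': { version: '2.5.22' },
    'node_modules/legacy-theme/node_modules/vue-server-renderer': { version: '2.5.22' },
  },
};

console.log(findVueMismatches(sampleLock));
```

Run against a real lockfile by passing the parsed JSON of package-lock.json to `findVueMismatches` and failing the CI job when the returned array is non-empty.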