fastify-autoroutes

[Bug report] dependencies

Open flyingeek opened this issue 2 years ago • 1 comments

Hello,

I have just installed fast-autoroutes in a new project but the post installation (using npm) displays:

> npm install --save fastify-autoroutes

added 16 packages, and audited 921 packages in 2s

52 packages are looking for funding
  run `npm fund` for details

7 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.
> npm audit

# npm audit report

ansi-regex  >2.1.1 <5.0.1
Severity: moderate
 Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/fastify-autoroutes/node_modules/ansi-regex
  strip-ansi  4.0.0 - 5.2.0
  Depends on vulnerable versions of ansi-regex
  node_modules/fastify-autoroutes/node_modules/strip-ansi
    cliui  4.0.0 - 5.0.0
    Depends on vulnerable versions of strip-ansi
    Depends on vulnerable versions of wrap-ansi
    node_modules/fastify-autoroutes/node_modules/cliui
      yargs  10.1.0 - 15.0.0
      Depends on vulnerable versions of cliui
      Depends on vulnerable versions of string-width
      node_modules/fastify-autoroutes/node_modules/yargs
        fastify-autoroutes  >=2.0.0
        Depends on vulnerable versions of yargs
        node_modules/fastify-autoroutes
    string-width  2.1.0 - 4.1.0
    Depends on vulnerable versions of strip-ansi
    node_modules/fastify-autoroutes/node_modules/string-width
      wrap-ansi  3.0.0 - 6.1.0
      Depends on vulnerable versions of string-width
      Depends on vulnerable versions of strip-ansi
      node_modules/fastify-autoroutes/node_modules/wrap-ansi

7 moderate severity vulnerabilities

It seems you have unused dependencies in package.json: json5, pluralize and yargs.

You could probably clean up the dev dependencies as well.

Also note that the npm package contains unrelated (old) files in the dist/ folder.

flyingeek Feb 08 '22 21:02
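An added example, not part of the original issue or the project's code: the seven findings in the audit report above trace back to a single advisory, and this Node.js script shows that by walking the `effects` links of `npm audit --json` output from the advisory to the direct dependency. The `report` object is a constructed sample built from the text report, and the function names are hypothetical.

```javascript
// Constructed sample: the `vulnerabilities` map of `npm audit --json`, cut down
// to the fields used here and filled in from the text report in the issue.
const report = { vulnerabilities: {
  "ansi-regex": { isDirect: false, effects: ["strip-ansi"], via: [{
    title: "Inefficient Regular Expression Complexity in chalk/ansi-regex",
    url: "https://github.com/advisories/GHSA-93q8-gq69-wqmw" }] },
  "strip-ansi": { isDirect: false, via: ["ansi-regex"],
    effects: ["cliui", "string-width", "wrap-ansi"] },
  "cliui": { isDirect: false, via: ["strip-ansi", "wrap-ansi"], effects: ["yargs"] },
  "yargs": { isDirect: false, via: ["cliui", "string-width"],
    effects: ["fastify-autoroutes"] },
  "string-width": { isDirect: false, via: ["strip-ansi"],
    effects: ["wrap-ansi", "yargs"] },
  "wrap-ansi": { isDirect: false, via: ["string-width", "strip-ansi"],
    effects: ["cliui"] },
  "fastify-autoroutes": { isDirect: true, via: ["yargs"], effects: [] },
} };

// An entry whose `via` holds an advisory object is a real finding; an entry
// whose `via` holds only package names is flagged by propagation.
function rootAdvisories(vulns) {
  return Object.entries(vulns)
    .map(([name, v]) => ({ name, urls: v.via.filter((x) => typeof x === "object").map((x) => x.url) }))
    .filter((r) => r.urls.length > 0);
}

// Breadth-first walk along `effects` from a root package to the first direct
// dependency: the shortest chain the project owner can act on.
function chainToDirect(vulns, root) {
  const queue = [[root]];
  const seen = new Set([root]);
  while (queue.length > 0) {
    const path = queue.shift();
    const node = vulns[path[path.length - 1]];
    if (node.isDirect) return path;
    for (const next of node.effects) {
      if (vulns[next] && !seen.has(next)) { seen.add(next); queue.push([...path, next]); }
    }
  }
  return null; // no direct dependency reachable from this advisory
}

function summarize(rep) {
  const vulns = rep.vulnerabilities;
  const advisories = rootAdvisories(vulns).map((r) => ({ ...r, chain: chainToDirect(vulns, r.name) }));
  return { reported: Object.keys(vulns).length, advisories };
}

console.log(JSON.stringify(summarize(report), null, 2));
```

On a real project, replace the sample with the parsed output of `npm audit --json`.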

Yes, I know. I was writing a tool that can create a routes file from the CLI if you have the package installed, but I decided to move it to a separate package. I will remove those dependencies so it will be installed only if you have the other package (in dev mode).

Thanks for the report!

GiovanniCardamone Feb 09 '22 06:02

It's fixed in https://github.com/GiovanniCardamone/fastify-autoroutes/pull/194

GiovanniCardamone Oct 23 '22 14:10