fastify-autoroutes
fastify-autoroutes copied to clipboard
[Bug report] dependancies
Hello,
I have just installed fast-autoroutes in a new project but the post installation (using npm) displays:
> npm install --save fastify-autoroutes
added 16 packages, and audited 921 packages in 2s
52 packages are looking for funding
run `npm fund` for details
7 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
> npm audit
# npm audit report
ansi-regex >2.1.1 <5.0.1
Severity: moderate
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/fastify-autoroutes/node_modules/ansi-regex
strip-ansi 4.0.0 - 5.2.0
Depends on vulnerable versions of ansi-regex
node_modules/fastify-autoroutes/node_modules/strip-ansi
cliui 4.0.0 - 5.0.0
Depends on vulnerable versions of strip-ansi
Depends on vulnerable versions of wrap-ansi
node_modules/fastify-autoroutes/node_modules/cliui
yargs 10.1.0 - 15.0.0
Depends on vulnerable versions of cliui
Depends on vulnerable versions of string-width
node_modules/fastify-autoroutes/node_modules/yargs
fastify-autoroutes >=2.0.0
Depends on vulnerable versions of yargs
node_modules/fastify-autoroutes
string-width 2.1.0 - 4.1.0
Depends on vulnerable versions of strip-ansi
node_modules/fastify-autoroutes/node_modules/string-width
wrap-ansi 3.0.0 - 6.1.0
Depends on vulnerable versions of string-width
Depends on vulnerable versions of strip-ansi
node_modules/fastify-autoroutes/node_modules/wrap-ansi
7 moderate severity vulnerabilities
It seems you have an unused dependencies in package.json: json5, pluralize and yargs.
You could probably cleanup the dev dependancies as well.
Also note that the npm package contains unrelated (old) files in the dist/ folder.
yes, i know, i was writing a tool that can create routes file from cli if you have package installed, but i decided to move to a separate package, i will remove thoose dependencies so it will be installed only if you have the other package (in dev mode).
Thanks for report!
it's fixed in https://github.com/GiovanniCardamone/fastify-autoroutes/pull/194