
npm audit warnings

Open lestephane opened this issue 2 years ago • 1 comment

When considering a starter project for my content script I either landed on:

  • https://github.com/chibat/chrome-extension-typescript-starter (0 vulnerabilities)
  • https://github.com/bajcmartinez/chrome-react-seo-extension (21 high, 4 critical vulnerabilities)

Because of npm audit problems, I'd rather not touch this project. It's surprising that not touching a project for half a year leads to so many vulnerabilities. Is the npm ecosystem leading to write-once, throw-away projects? Anyway, that is beside the point.

BUT, the problem is that it's linked to from a blog post at https://blog.logrocket.com/creating-chrome-extension-react-typescript/, so it's not going anywhere soon. If the project won't be modified anymore, there should be a warning to use xyz instead, or a specific fork that is more up to date should be nominated.

$ npm audit
...(garbage)...
36 vulnerabilities (11 moderate, 21 high, 4 critical)

To address issues that do not require attention, run:
  npm audit fix
$ npm audit fix
...(garbage)... 
28 vulnerabilities (10 moderate, 16 high, 2 critical)

To address issues that do not require attention, run:
  npm audit fix
$ npm audit fix
...(garbage)...
28 vulnerabilities (10 moderate, 16 high, 2 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force
$ npm audit fix --force
...(garbage)...
6 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force
$ npm audit fix --force
...(garbage)...
66 vulnerabilities (14 low, 26 moderate, 25 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force
$ npm audit fix
npm ERR! code ERR_INVALID_ARG_TYPE
npm ERR! The "from" argument must be of type string. Received undefined

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/lestephane/.npm/_logs/2022-05-22T06_16_03_876Z-debug-0.log

lestephane avatar May 22 '22 06:05 lestephane
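The `npm audit` / `npm audit fix` / `npm audit fix --force` cycle above mixes three different situations into one count: findings a plain `npm audit fix` resolves, findings that only go away with a semver-major bump (what `--force` does, hence the breaking changes), and findings with no fix at all. As an added example, not code from the issue or the starter project, here is a small CI gate that reads an `npm audit --json` report and separates those cases; the field names it relies on (`vulnerabilities[name].severity`, `isDirect`, `fixAvailable.isSemVerMajor`) are assumed from the npm 7+ report schema, and the sample report is constructed with placeholder package names.

```javascript
// Added example (not from the issue or the project): gate a build on `npm audit --json`
// output and say, per finding, whether `npm audit fix`, `--force`, or nothing can fix it.
// Assumed npm 7+ schema: vulnerabilities[name].{severity,isDirect,fixAvailable}.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };
// Constructed sample report; package names are placeholders, not real advisories.
const SAMPLE_AUDIT = {
  auditReportVersion: 2,
  vulnerabilities: {
    // plain `npm audit fix` can resolve this one
    "example-dep-a": { severity: "high", isDirect: false, fixAvailable: true },
    // only fixable by a semver-major bump, i.e. what `npm audit fix --force` would do
    "example-dep-b": {
      severity: "critical", isDirect: true,
      fixAvailable: { name: "example-parent", version: "5.0.0", isSemVerMajor: true },
    },
    // no published fix at all: needs a manual replacement or an accepted risk
    "example-dep-c": { severity: "high", isDirect: false, fixAvailable: false },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 0, high: 2, critical: 1, total: 3 } },
};
// Classify every finding at or above `failOn` severity by how it can be fixed.
function evaluateAudit(report, failOn = "high") {
  const threshold = SEVERITY_RANK[failOn];
  const result = { pass: true, failing: [], safeFix: [], breakingFix: [], noFix: [] };
  for (const [name, v] of Object.entries(report.vulnerabilities || {})) {
    if ((SEVERITY_RANK[v.severity] ?? 0) < threshold) continue;
    result.failing.push(`${name} (${v.severity}${v.isDirect ? ", direct" : ""})`);
    if (!v.fixAvailable) result.noFix.push(name);
    else if (v.fixAvailable === true || !v.fixAvailable.isSemVerMajor) result.safeFix.push(name);
    else result.breakingFix.push(name);
  }
  result.pass = result.failing.length === 0;
  return result;
}
// Human-readable summary for the CI log.
function summarize(result) {
  return [
    `gate: ${result.pass ? "PASS" : "FAIL"} (${result.failing.length} finding(s) at/above threshold)`,
    `  fixable with npm audit fix:     ${result.safeFix.join(", ") || "-"}`,
    `  needs --force / major upgrade:  ${result.breakingFix.join(", ") || "-"}`,
    `  no fix available:               ${result.noFix.join(", ") || "-"}`,
  ].join("\n");
}
if (typeof require !== "undefined" && require.main === module) {
  // For a real gate, parse a piped report (JSON.parse(fs.readFileSync(0, "utf8")))
  // instead of SAMPLE_AUDIT and set process.exitCode = 1 when result.pass is false.
  console.log(summarize(evaluateAudit(SAMPLE_AUDIT, "high")));
}
```

Note that `npm audit --audit-level=high` alone already turns the exit code red at a chosen severity; what it does not tell you is which of those findings the non-breaking `npm audit fix` would clear and which are stuck behind a major-version upgrade, which is exactly the distinction the react-scripts v5 / craco situation in this thread turns on.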

Hi @lestephane, thanks for submitting the report.

I was aware of these issues, however, it is not that easy to fix. As I'm using craco to set the configuration for CRA, there's currently a limitation in upgrading react-scripts to v5 (https://github.com/gsoft-inc/craco/issues/378).

Until the team at Craco can fix that I can't upgrade all versions as needed.

We gotta love the JS ecosystem...

If you know a way to upgrade the dependencies, please, feel free to submit a PR and I'll review it.

bajcmartinez avatar May 31 '22 20:05 bajcmartinez