
Fix npm vulnerabilities and deprecated npm packages, incl. request-promise-native

Open guidorice opened this issue 4 years ago • 0 comments

~When using yarn for package management, one does not see the deprecation warnings which are provided from npmjs.com upon npm install.~

Correction: the same deprecation warnings can be discovered by yarn with

```
rm -rf node_modules/ yarn.lock && yarn
```

One interesting package needing replacement is request-promise-native. Following the documentation trail, here is a list of request alternatives: https://github.com/request/request/issues/3143. I have had good experience using axios on a past project, but we should consider all options. Because axios uses XHRs under the hood, you can do things like cancel requests and build progress meters as your requests upload or download.

```
# this currently shows many deprecated packages, using npm 6:
rm -rf node_modules package-lock.json && npm i
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated [email protected]: simple-oauth2 v2 is no longer supported. Please upgrade to v3 for further support
npm WARN deprecated [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated [email protected]: This module has moved: please install @mapbox/vector-tile instead
npm WARN deprecated [email protected]: This module has moved and is now available at @hapi/wreck. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.
npm WARN deprecated [email protected]: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.
npm WARN deprecated [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated [email protected]: This module has moved: please install @mapbox/point-geometry instead
npm WARN deprecated [email protected]: This module has moved and is now available at @hapi/boom. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.
npm WARN deprecated [email protected]: This module has moved and is now available at @hapi/hoek. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.
npm WARN deprecated [email protected]: This module has moved and is now available at @hapi/bourne. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.
npm WARN deprecated [email protected]: Please upgrade to kleur@3 or migrate to 'ansi-colors' if you prefer the old syntax. Visit <https://github.com/lukeed/kleur/releases/tag/v3.0.0\> for migration path(s).
npm WARN deprecated [email protected]: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated [email protected]: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.
npm WARN deprecated [email protected]: use String.prototype.padStart()
npm WARN deprecated [email protected]: Removed event-stream from gulp-header
npm WARN deprecated [email protected]: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated @types/[email protected]: This is a stub types definition. vfile-message provides its own type definitions, so you do not need this installed.
```

Additionally, `npm audit`

```
found 74 vulnerabilities (63 low, 2 moderate, 9 high)
```

which could be fixed as part of the same task.

guidorice, Feb 28 '20 00:02
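Added example, not part of the original issue or of the project's code: a small Node.js script that turns captured `npm install` output into a de-duplicated triage list, separating packages whose warning names a successor from those that need manual review. The function names and the sample log are constructed for illustration; the package names and versions in it are placeholders.

```javascript
// Triage `npm WARN deprecated` lines captured from `npm install` output.
// SAMPLE_LOG is constructed; package names and versions are placeholders.
const SAMPLE_LOG = `
npm WARN deprecated example-http@1.0.0: example-http has been deprecated, see https://example.invalid/issue
npm WARN deprecated example-geom@0.0.1: This module has moved: please install @example/geom instead
npm WARN deprecated example-util@2.3.4: This module has moved and is now available at @example/util. Please update your dependencies as this version is no longer maintained.
npm WARN deprecated @types/example-msg@1.0.1: This is a stub types definition. example-msg provides its own type definitions, so you do not need this installed.
npm WARN deprecated example-http@1.0.0: example-http has been deprecated, see https://example.invalid/issue
added 1200 packages in 42s
`;

// The name may be scoped (@scope/name); the version sits between "@" and ":".
const LINE_RE = /^npm WARN deprecated ((?:@[^/\s]+\/)?[^@\s]+)@([^:\s]+): (.*)$/;
// Phrasings seen in the warnings above that name a successor package.
const REPLACEMENT_RES = [
  /please install (\S+) instead/i,
  /now available at (\S+?)\.(?:\s|$)/i,
];

function classify(message) {
  for (const re of REPLACEMENT_RES) {
    const m = message.match(re);
    if (m) return { kind: 'moved', replacement: m[1] };
  }
  // Stub @types packages can simply be dropped from the dependency list.
  if (/stub types definition/i.test(message)) return { kind: 'remove', replacement: null };
  // Everything else (unsupported major versions, abandoned packages) needs a human.
  return { kind: 'review', replacement: null };
}

function parseDeprecations(log) {
  const seen = new Map(); // the same name@version is often reported more than once
  for (const line of log.split(/\r?\n/)) {
    const m = line.trim().match(LINE_RE);
    if (!m) continue; // ignore non-warning lines such as the install summary
    const [, name, version, message] = m;
    const key = `${name}@${version}`;
    if (!seen.has(key)) seen.set(key, { name, version, message, ...classify(message) });
  }
  return [...seen.values()];
}

for (const d of parseDeprecations(SAMPLE_LOG)) {
  const target = d.replacement ? ` -> ${d.replacement}` : '';
  console.log(`${d.kind.padEnd(6)} ${d.name}@${d.version}${target}`);
}
```

Entries classified as `review` are the ones to check against `npm audit` output first, since no drop-in successor is named for them.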