font-awesome-assets
font-awesome-assets copied to clipboard
4 deprecated dependencies with 11 vulnerabilities, 4 high
Describe the bug
From a fresh directory I get reports of 4 deprecated dependencies and vulnerabilities:
$ npm i font-awesome-assets
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: this package is now deprecated
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
added 165 packages, and audited 166 packages in 6s
7 packages are looking for funding
run `npm fund` for details
11 vulnerabilities (7 moderate, 4 high)
To address issues that do not require attention, run:
npm audit fix
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
So I ran npm audit
:
$ npm audit
# npm audit report
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix`
node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/css-select
cheerio 0.19.0 - 1.0.0-rc.3
Depends on vulnerable versions of css-select
node_modules/cheerio
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
No fix available
node_modules/request
phantomjs-prebuilt *
Depends on vulnerable versions of request
node_modules/phantomjs-prebuilt
svg2png *
Depends on vulnerable versions of phantomjs-prebuilt
Depends on vulnerable versions of yargs
node_modules/svg2png
font-awesome-assets *
Depends on vulnerable versions of @ladjs/svgfont2js
Depends on vulnerable versions of cheerio
Depends on vulnerable versions of svg2png
node_modules/font-awesome-assets
xml2js <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
No fix available
node_modules/xml2js
@ladjs/svgfont2js *
Depends on vulnerable versions of xml2js
node_modules/@ladjs/svgfont2js
yargs-parser <=5.0.0
Severity: moderate
yargs-parser Vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-p9pc-299p-vxgp
No fix available
node_modules/yargs-parser
yargs 4.0.0-alpha1 - 7.0.0-alpha.3 || 7.1.1
Depends on vulnerable versions of yargs-parser
node_modules/yargs
11 vulnerabilities (7 moderate, 4 high)
To address issues that do not require attention, run:
npm audit fix
Some issues need review, and may require choosing
a different dependency.
And then I found font-awesome-assets-updated
, but:
$ npm i font-awesome-assets-updated
npm ERR! code 128
npm ERR! An unknown git error occurred
npm ERR! command git --no-replace-objects ls-remote ssh://[email protected]/niftylettuce/svgfont2js.git
npm ERR! ERROR: Repository not found.
npm ERR! fatal: Could not read from remote repository.
npm ERR!
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/pmorch/.npm/_logs/2023-04-29T04_55_08_378Z-debug-0.log