Dependency kevinmarrec/nuxt-pwa is deprecated (and causes a security issue)
🐛 The bug
As mentioned on their GitHub: https://github.com/kevinmarrec/nuxt-pwa-module
Nuxt 3 is powered by Vite, which today has an amazing PWA plugin of its own, with Nuxt support.
Also, it adds a high security vulnerability according to npm audit fix:
# npm audit report
sharp <0.32.6
Severity: high
sharp vulnerability in libwebp dependency CVE-2023-4863 - https://github.com/advisories/GHSA-54xq-cgqr-rpm3
No fix available
node_modules/sharp
@kevinmarrec/nuxt-pwa >=0.1.0
Depends on vulnerable versions of sharp
node_modules/@kevinmarrec/nuxt-pwa
@nuxtjs/ionic *
Depends on vulnerable versions of @kevinmarrec/nuxt-pwa
node_modules/@nuxtjs/ionic
🛠️ To reproduce
https://github.com/kevinmarrec/nuxt-pwa-module
🌈 Expected behaviour
Remove this dependency
ℹ️ Additional context
No response
A potential solution is to replace this dependency with the official Vite PWA module that supports Nuxt 3
Additionally, since the vulnerability is located in the sharp package (to generate asset files) - the alternative for the same functionality is to use @vite-pwa/assets-generator
@yllaw Agreed, I recently worked with the @vite-pwa/nuxt module in my Nuxt 3 Ionic app, and it worked like a charm.
resolved in 309bc0244546bf73b60c8d3d491ec831892e6e0c.