node-oauth2-server
npm package is out of date
In npm we have package 2.4.0, published 4 years ago; however, version 3.0.1 has been released. How to upgrade?
@Doom100500 Make sure you are using the correct name for the npm package. There were one or two "alternative" names which are not updated (anymore?). oauth2-server is the right one.
Copied from your question on another issue.
@oauthjs Could anyone with write access mark the npm package node-oauth2-server as deprecated?
Sorry for the delay... I followed the link on the main page of the repository, which forwards me to the npm page of node-oauth2-server. On the other hand, I tried to use the express wrapper, which maybe fetched the wrong dependency. Currently I'm away from OAuth things in my personal work; once I deal with it, I'll verify the flow...
npm install oauth2-server
Hello, great team! I got back to the OAuth implementation and I want to explain my confusion.
Once I decided to expose my server with express, I followed the documentation about adapters, which has the link to the adapter for express. So for this setup the reproducible steps are:
- Create a fresh package: npm init -y
- Install oauth2-server: npm install oauth2-server. That responds with:
+ [email protected]
+ [email protected]
+ [email protected]
added 404 packages from 780 contributors and audited 5036 packages in 6.731s
found 0 vulnerabilities
- Then we want to install the adapter: npm install express-oauth-server. I get:
+ [email protected]
added 52 packages from 45 contributors and audited 5174 packages in 5.75s
found 1 low severity vulnerability
run `npm audit fix` to fix them, or `npm audit` for details
- npm audit
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.5 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ express-oauth-server │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ express-oauth-server > oauth2-server > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 5174 scanned packages
1 vulnerability requires manual review. See the full report for details.
Which says that for sure something is broken in the dependencies of express-oauth-server. So this issue is not really related to this repository, but I think it can be closed only after removing the link to the broken package from the documentation.
Thank you for great repo...
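An added example (not part of the thread or of the project's code): one way to find which installed copy of lodash falls below the `>=4.17.5` patched range named in the audit report, by walking an npm 6-style `package-lock.json` tree. The lockfile and every version number in it are constructed for illustration, and `compareVersions` and `findUnpatched` are hypothetical helper names.

```javascript
// Compare two "x.y.z" versions; returns <0, 0 or >0. Pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk a lockfile tree (npm 6 layout: nested "dependencies" objects) and return
// every installed copy of `name` older than `patched`, with the path nesting it.
function findUnpatched(lock, name, patched) {
  const hits = [];
  const walk = (deps, trail) => {
    for (const [dep, info] of Object.entries(deps || {})) {
      const path = [...trail, dep];
      if (dep === name && compareVersions(info.version, patched) < 0) {
        hits.push({ path: path.join(' > '), version: info.version });
      }
      walk(info.dependencies, path); // nested copies live one level down
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed lockfile: the top-level packages are current, while the adapter
// carries its own older oauth2-server, which in turn nests an older lodash.
const sampleLock = {
  name: 'demo',
  lockfileVersion: 1,
  dependencies: {
    lodash: { version: '4.17.21' },              // constructed
    'oauth2-server': { version: '3.0.1' },
    'express-oauth-server': {
      version: '0.0.1',                          // constructed
      dependencies: {
        'oauth2-server': {
          version: '0.0.1',                      // constructed
          dependencies: { lodash: { version: '3.10.1' } } // constructed, below 4.17.5
        }
      }
    }
  }
};

console.log(findUnpatched(sampleLock, 'lodash', '4.17.5'));
```

The reported path shows the stale copy comes in through the adapter rather than through the directly installed `oauth2-server`, which is the situation the audit output above describes.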
I don't know what happened with this (maybe something inside express-oauth-server/oauth2-server is a low version). However, you can move express-oauth-server/index.js to the root and rename it to authenticate.js, then replace const OAuthServer = require('express-oauth-server') with const OAuthServer = require('./authenticate') in server.js, and npm i oauth-server. It's fixed.
Is the NPM audit for lodash fixed within 3.0.1 of this package? If it's just a matter of "express-oauth-server", we can fork and create the update :)