romenigld
Npm audit Package tar
Hello Guys,
I’m reading the ebook Programming Phoenix 1.4 and in the subchapter “Phoenix LiveView” of the chapter “What’s Next?” I cloned the Phoenix LiveView Example.
So I made the steps for run and when I run the npm install. I have a warning for fix the npm audit.
So I try to fix like recommend the steps and with --force.
But it complains for 1 vulnerability.
$ npm audit
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Arbitrary File Overwrite │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ tar │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=2.2.2 <3.0.0 || >=4.4.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ webpack [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ webpack > watchpack > chokidar > fsevents > node-pre-gyp > │
│ │ tar │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/803 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 high severity vulnerability in 6579 scanned packages
1 vulnerability requires manual review. See the full report for details.
I don’t know what do. I need help!?
Marked As Solved
kokolegorille
There is package that helps You update npm package…
https://github.com/tjunnone/npm-check-updates
You might use it to solve this issue.
Also Liked
egze
Don‘t know how to fix it, Sorry.
But also I wouldn‘t worry about it too much. For production app you won‘t be running node, webpack or this tar package. The scripts will be compiled to 1 JS file and served statically.
kokolegorille
Javascript is always changing, and it would be hard to track down JS packages for Phoenix team…
Between 1.3 and 1.4 Phoenix moved from brunch to webpack. Probably the next Phoenix will include those babel changes.
There is a post, which describe the whole process.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








