Fix npm package vulns for node.js use

Question

Fix npm package vulns for node.js use

mope1 opened this issue 6 years ago · comments

Problem:

$ npm install
[!] 717 vulnerabilities found [17923 packages audited]
    Severity: 554 Low | 127 Moderate | 36 High
    Run `npm audit` for more detail

I think we should eventually update the packages relevant for the npm build of 3dio-js

Solution

Bump version in package.json or package-lock.json using npm install <package> <version> or something
Find out what broke and fix it, maybe add a couple tests if the unit tests don't find it
Repeat for all the dependencies :(
Maybe have a list of packages that are not really important to be up to date all the time because they are only used for testing
Remove or replace packages where necessary

Tomas Polach · Answer 1 · Wed May 16 2018 14:32:00 GMT+0800 (China Standard Time)

NPM provides a nice manual on how to act on the security audit report:
https://docs.npmjs.com/getting-started/running-a-security-audit

Deleted user · Answer 2 · Wed Jul 25 2018 20:58:47 GMT+0800 (China Standard Time)

https://github.com/archilogic-com/3dio-js/network/dependencies