Fix npm package vulns for node.js use
mope1 opened this issue · comments
Dominic M commented
Problem:
```
$ npm install
[!] 717 vulnerabilities found [17923 packages audited]
Severity: 554 Low | 127 Moderate | 36 High
Run `npm audit` for more detail
```
I think we should eventually update the packages relevant for the npm
build of 3dio-js
Solution
- Bump version in `package.json` or `package-lock.json` using `npm install <package> <version>` or something
- Find out what broke and fix it, maybe add a couple tests if the unit tests don't find it
- Repeat for all the dependencies :(
- Maybe have a list of packages that are not really important to be up to date all the time because they are only used for testing
- Remove or replace packages where necessary
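
One way to build the list of test-only packages mentioned in the steps above, as an added example that is not part of the original issue or of the 3dio-js code base: it reads the `dev: true` flag that npm records in `package-lock.json`. The function names, package names and sample lockfile are constructed for illustration.

```javascript
// Added example: classify audit findings as runtime or dev-only from the
// "dev": true flag in package-lock.json. All names below are constructed.
// List every installed copy of every package in a parsed lockfile.
// Supports lockfileVersion 1 (nested "dependencies") and 2/3 ("packages").
function collectInstalls(lock) {
  const installs = [];
  if (lock.packages) {
    const marker = 'node_modules/';
    for (const [path, meta] of Object.entries(lock.packages)) {
      const at = path.lastIndexOf(marker);
      if (at === -1) continue; // root project or workspace folder entry
      installs.push({ name: path.slice(at + marker.length), dev: meta.dev === true });
    }
    return installs;
  }
  const walk = (deps) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      installs.push({ name, dev: meta.dev === true });
      walk(meta.dependencies); // nested copies under this package
    }
  };
  walk(lock.dependencies);
  return installs;
}

// A package is dev-only only when EVERY installed copy carries the dev flag.
function triage(lock, vulnerableNames) {
  const devOnlyByName = new Map();
  for (const { name, dev } of collectInstalls(lock)) {
    devOnlyByName.set(name, (devOnlyByName.get(name) ?? true) && dev);
  }
  const result = { runtime: [], devOnly: [], notInstalled: [] };
  for (const name of vulnerableNames) {
    if (!devOnlyByName.has(name)) result.notInstalled.push(name);
    else (devOnlyByName.get(name) ? result.devOnly : result.runtime).push(name);
  }
  return result;
}

// Constructed sample: pkg-shared is installed twice, once for runtime code.
const sampleLock = {
  dependencies: {
    'pkg-a': { version: '1.0.0', dependencies: { 'pkg-shared': { version: '0.9.0' } } },
    'pkg-test-runner': { version: '2.0.0', dev: true,
      dependencies: { 'pkg-shared': { version: '0.8.0', dev: true } } },
    'pkg-helper': { version: '3.1.0', dev: true },
  },
};
console.log(triage(sampleLock, ['pkg-shared', 'pkg-helper', 'pkg-missing']));
```

Dev-only findings still execute on developer and CI machines, so the resulting list sets the order of work; it is not a reason to leave those packages unpatched.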
Tomas Polach commented
NPM provides a nice manual on how to act on the security audit report:
https://docs.npmjs.com/getting-started/running-a-security-audit