Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't to install mongoose on VS code! #8857

Closed
lucasbaquinoo opened this issue Apr 26, 2020 · 2 comments
Closed

Can't to install mongoose on VS code! #8857

lucasbaquinoo opened this issue Apr 26, 2020 · 2 comments
Labels
help This issue can likely be resolved in GitHub issues. No bug fixes, features, or docs necessary

Comments

@lucasbaquinoo
Copy link

Hello everyone, I hope you'll be great! I was studying NodeJS and in my course, we needed to install Mongoose but always when I trying to get this, it appears an error saying that I have vulnerabilities and asked me to solve manually. I'm new with programming and I don't know how to fix this.

To install, I used npm install mongoose and when this not worked, I tried the npm install -s mongoose and it doesn't work.

The error message is this:

npm WARN node-api@1.0.0 No description
npm WARN node-api@1.0.0 No repository field.

+ mongoose@5.9.10
updated 1 package and audited 616 packages in 2.713s
found 13 vulnerabilities (2 low, 6 moderate, 5 high)
  run `npm audit fix` to fix them, or `npm audit` for details

When I run npm audit fix, it requested to run npm audit and solve manually, as I said before. When I run appears this:

 === npm audit security report ===                        


                                 Manual Review                                  
             Some vulnerabilities require your attention to resolve             
                                                                                
          Visit https://go.npm.me/audit-guide for additional guidance           


  Moderate        Regular Expression Denial of Service                          

  Package         slug                                                          

  Patched in      >=0.9.2                                                       

  Dependency of   docker                                                        

  Path            docker > toc > slug                                           

  More info       https://npmjs.com/advisories/537                              


  Moderate        Prototype Pollution                                           

  Package         hoek                                                          

  Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3                                   

  Dependency of   docker                                                        

  Path            docker > less > request > hawk > boom > hoek                  

  More info       https://npmjs.com/advisories/566                              


  Moderate        Prototype Pollution                                           

  Package         hoek                                                          

  Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3                                   

  Dependency of   docker                                                        

  Path            docker > less > request > hawk > cryptiles > boom > hoek      

  More info       https://npmjs.com/advisories/566                              


  Moderate        Prototype Pollution                                           

  Package         hoek                                                          

  Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3                                   

  Dependency of   docker                                                        

  Path            docker > less > request > hawk > hoek                         

  More info       https://npmjs.com/advisories/566                              


  Moderate        Prototype Pollution                                           

  Package         hoek                                                          

  Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3                                   

  Dependency of   docker                                                        

  Path            docker > less > request > hawk > sntp > hoek                  

  More info       https://npmjs.com/advisories/566                              


  Low             Prototype Pollution                                           

  Package         lodash                                                        

  Patched in      >=4.17.5                                                      

  Dependency of   docker                                                        

  Path            docker > dox > jsdoctypeparser > lodash                       

  More info       https://npmjs.com/advisories/577                              


  Low             Prototype Pollution                                           

  Package         lodash                                                        

  Patched in      >=4.17.5                                                      

  Dependency of   docker                                                        

  Path            docker > toc > lodash                                         

  More info       https://npmjs.com/advisories/577                              


  High            Prototype Pollution                                           

  Package         lodash                                                        

  Patched in      >=4.17.11                                                     

  Dependency of   docker                                                        

  Path            docker > dox > jsdoctypeparser > lodash                       

  More info       https://npmjs.com/advisories/782                              


  High            Prototype Pollution                                           

  Package         lodash                                                        

  Patched in      >=4.17.11                                                     

  Dependency of   docker                                                        

  Path            docker > toc > lodash                                         

  More info       https://npmjs.com/advisories/782                              


  High            Prototype Pollution                                           

  Package         lodash                                                        

  Patched in      >=4.17.12                                                     

  Dependency of   docker                                                        

  Path            docker > dox > jsdoctypeparser > lodash                       

  More info       https://npmjs.com/advisories/1065                             


  High            Prototype Pollution                                           

  Package         lodash                                                        

  Patched in      >=4.17.12                                                     

  Dependency of   docker                                                        

  Path            docker > toc > lodash                                         

  More info       https://npmjs.com/advisories/1065                             


  Moderate        Regular Expression Denial of Service                          

  Package         marked                                                        

  Patched in      >=0.6.2                                                       

  Dependency of   docker                                                        

  Path            docker > dox > marked                                         

  More info       https://npmjs.com/advisories/812                              


  High            Insufficient Entropy                                          

  Package         cryptiles                                                     

  Patched in      >=4.1.2                                                       

  Dependency of   docker                                                        

  Path            docker > less > request > hawk > cryptiles                    

  More info       https://npmjs.com/advisories/1464                             

found 13 vulnerabilities (2 low, 6 moderate, 5 high) in 616 scanned packages
  13 vulnerabilities require manual review. See the full report for details.

NodeJS version: v12.13.1
npm version: 6.12.1
Docker version: 19.03.8, build afacb8b (I don't know if this "build" it's necessary but it is here)
@OrmEmbaar
Copy link

This is not a problem with Mongoose. It just happens to arise when you install Mongoose because you are using NPM, which is auditing your packages post-installation. It looks like your Docker dependency is severely outdated.

Anyway, there is actually no problem here. If you're just doing a course, you can ignore the audit warning.

@lucasbaquinoo
Copy link
Author

This is not a problem with Mongoose. It just happens to arise when you install Mongoose because you are using NPM, which is auditing your packages post-installation. It looks like your Docker dependency is severely outdated.

Anyway, there is actually no problem here. If you're just doing a course, you can ignore the audit warning.

Thanks!!

@AbdelrahmanHafez AbdelrahmanHafez added the help This issue can likely be resolved in GitHub issues. No bug fixes, features, or docs necessary label Apr 26, 2020
@vkarpov15 vkarpov15 mentioned this issue May 3, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help This issue can likely be resolved in GitHub issues. No bug fixes, features, or docs necessary
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@AbdelrahmanHafez @OrmEmbaar @lucasbaquinoo