New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security alert (hoek package) #6399
Comments
Are you using create-react-app? I've run into a bunch of security issues related to libraries being used create-react-app recently. The best way to resolve them, in my experience, is to run |
@blaytenshi Thanks, this is helpful. But hopefully the semantic ui maintainers will want to remove the security issue from their code as well. |
@philipmjohnson You're not wrong, but as @philrykoff points out in #4987 (comment) ...
My |
@philipmjohnson If you've updated to the latest npm (i believe 6 and above) you can run the command |
@blaytenshi Thanks, but
1 out of 14 doesn't seem too good, so let's try
Committing the resulting package-lock.json satisfied GitHub, I am no longer getting security vulnerability alerts. This seems like a lot of work for each person wanting to create a custom theme in semantic ui. Better that the system developers just fix their package.json? |
After running
npm install semantic-ui --save
and committing my repo to github, I get the following security alert:This is related to the hoek package.
Because the install process does not result in a package.json file, but only a package-lock.json, I am not sure how to fix this locally.
The text was updated successfully, but these errors were encountered: