Skip to content
This repository has been archived by the owner on Feb 16, 2020. It is now read-only.

found 1 low severity vulnerability ... error #2585

atifsari opened this issue Oct 9, 2018 · 12 comments

found 1 low severity vulnerability ... error #2585

atifsari opened this issue Oct 9, 2018 · 12 comments


Copy link

atifsari commented Oct 9, 2018

Note: this is the technical bug tracker, please use other platforms for getting support and starting a (non technical) discussion. See the getting help page for details.
I just installed gekko on c:\ at the end I get this message error "node-pre-gyp WARN Using request for node-pre-gyp https download
[sqlite3] Success: "C:\gekko-develop\node_modules\sqlite3\lib\binding\node-v57-win32-x64\node_sqlite3.node" is installed via remote
added 213 packages from 175 contributors and audited 520 packages in 30.892s
found 1 low severity vulnerability
run npm audit fix to fix them, or npm audit for details"

I'm submitting a ...
[ ] bug report
[ ] question about the decisions made in the repository

Action taken (what you did)

I run npm audit fix to fix them
Expected result (what you hoped would happen)
gave me another message " npm audit fix --force" and I follow it

Actual result (unexpected outcome)
gave me this last message :

npm WARN using --force I sure hope you know what you are doing.

  • lodash@4.17.11
    updated 1 package in 2.225s
    fixed 1 of 1 vulnerability in 520 scanned packages
    1 package update for 1 vuln involved breaking changes
    (installed due to --force option)

I tried to reinstall it in different locations ... still, I get no combo box on the config page

Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. stackoverflow, etc)

Copy link

askmike commented Oct 10, 2018

I run npm audit fix to fix them

Don't do this! The problem is that a part of a library used everywhere in Gekko (called Lodash) had a security issue (in a function Gekko does not use, as such there is no security issue when running Gekko). I'm in the process of updating the complete the usage in this lib in the complete gekko codebase so this message won't show. But that's not done yet.

Copy link

Thank you ... I solve it by using bash on windows.

Copy link

gekkocu commented Oct 29, 2018

hello, i have no skill about coding ,and i installed helping internet video and installed gekko but there was visible only 2 exchange poloniex and bitfinex thats way i searched another tutorial about installing but now gekko broken , and i guess if i reinstall it i think it can work again , how to uninstall it ? could you help me please ? thanks

Copy link

Thank you ... I solve it by using bash on windows.

How did you solve it ? Can you explain a bit ?

I tried multiple things but all combox box are still empty.


Copy link

AdrianoImperador commented Dec 23, 2018

how did you guys solved this issue? just ignoring the vulnerability and proceeding with the broker's dependencies installation?
i m installing gekko on windows

Copy link

In this step
cd exchange
npm install --only=production
cd ..

I get this error, I attach the picture

It would be nice if someone can help me.

I already installed
BuildTools_Full.exe (I found it on microsoft webpage as VC++ 2015 build tool, dunno if is the right one)


Also, Im working with metatrader and I have a collections of bots for trading that I can share.

Copy link

Hey Leon,

I hope you rsolved the issue. I looked over it and I'm not sure if I can be of any help. :(

I was ondering what your expirience is with Metatrader and which bots it is you use !

Would you care to share them with me (us) ? That would be great.

Thanx in advance... Greetz 020-Martijn

Copy link

userbox020 commented Feb 20, 2019 via email

Copy link

stale bot commented Apr 21, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. If you feel this is very a important issue please reach out the maintainer of this project directly via e-mail: gekko at mvr dot me.

@stale stale bot added the wontfix label Apr 21, 2019
@stale stale bot closed this as completed Apr 28, 2019
Copy link

Hi, I'm at the beginning of the installation of Gekko. Can you help me know the steps involved in installing Gekko dependencies? Thanks

Copy link

Hi guys.
I was with the same problem, because I was all the time fixing the error msg's... Forget that!!

Just follow all steps of the installation and ignore all error msg's and that is it...

Working properly.


Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
None yet

No branches or pull requests

10 participants