Skip to content

Hitting numerous npm audit issues when creating strapi app on Ubuntu 20 #10377

@mwoodpatrick

Description

@mwoodpatrick

Bug report

Describe the bug

When creating the quickstart app on Ubuntu 20.04.2 LTS (Digital Ocean or WSL-2) node v14.17.0 (npm/npx v6.14.13):

npx create-strapi-app strapi --quickstart  2>&1 | tee strapi_install.log

Then cd'ing into strapi and running

npm i

I get

found 52 vulnerabilities (7 moderate, 45 high)
run npm audit fix to fix them, or npm audit for details

and then running npm audit:

npm audit --parseable 2>&1 | tee npm_audit.log

I get the attached results:

npm_audit.log

Running:

npm audit fix

gives:

npm WARN @buffetjs/utils@3.3.6 requires a peer of yup@^0.27.0 but none is installed. You must install peer dependencies yourself.
npm WARN bootstrap@4.6.0 requires a peer of jquery@1.9.1 - 3 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.3.2 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.3.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.13 (node_modules/watchpack-chokidar2/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.13 (node_modules/webpack-dev-server/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

up to date in 14.092s

109 packages are looking for funding
run npm fund for details

fixed 0 of 52 vulnerabilities in 1666 scanned packages
52 vulnerabilities required manual review and could not be updated

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions