This repository was archived by the owner on Feb 13, 2025. It is now read-only.
This repository was archived by the owner on Feb 13, 2025. It is now read-only.
Deprecated and vulnerable package warnings when running npm install #3
Description
The current HEAD of the master branch as of 2019-02-17 ( 6d386dc ) gives me the following warnings when I run npm install. I was following the instructions on https://ej2.syncfusion.com/documentation/deployment/ which state to clone and npm-install the ej2-typescript-seed project template.
$ npm install
npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
npm WARN deprecated graceful-fs@3.0.11: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@1.2.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
> node-sass@4.11.0 install C:\git\others\syncfusion\2019-02-17-seed\webpack-demo\node_modules\node-sass
> node scripts/install.js
Downloading binary from https://github.com/sass/node-sass/releases/download/v4.11.0/win32-x64-64_binding.node
Download complete
Binary saved to C:\git\others\syncfusion\2019-02-17-seed\webpack-demo\node_modules\node-sass\vendor\win32-x64-64\binding.node
Caching binary to C:\Users\David\AppData\Roaming\npm-cache\node-sass\4.11.0\win32-x64-64_binding.node
> node-sass@4.11.0 postinstall C:\git\others\syncfusion\2019-02-17-seed\webpack-demo\node_modules\node-sass
> node scripts/build.js
Binary found at C:\git\others\syncfusion\2019-02-17-seed\webpack-demo\node_modules\node-sass\vendor\win32-x64-64\binding.node
Testing binary
Binary is fine
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.7 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.7: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
added 1000 packages from 615 contributors and audited 13852 packages in 30.903s
found 8 vulnerabilities (3 low, 1 moderate, 4 high)
run `npm audit fix` to fix them, or `npm audit` for details
I did run npm audit fix but all of the fixes involve breaking changes:
$ npm audit fix
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.7 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.7: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
up to date in 5.393s
fixed 0 of 8 vulnerabilities in 13852 scanned packages
1 vulnerability required manual review and could not be updated
2 package updates for 7 vulns involved breaking changes
(use `npm audit fix --force` to install breaking changes; or refer to `npm audit` for steps to fix these manually)