[Pkg-javascript-devel] Bug#907326: npm talks about security vulnerabilities when trying to do its work.
shirish शिरीष
shirishag75 at gmail.com
Sun Aug 26 15:25:30 BST 2018
Package: npm
Version: 5.8.0+ds-2
Severity: normal
Dear Maintainer,
I was trying to build an upstream version of requestpolicy and got the
following warnings -
~/games/requestpolicy$ make
npm install
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm WARN notice [SECURITY] lodash has the following vulnerability: 1
low. Go here for more details:
https://nodesecurity.io/advisories?search=lodash&version=4.17.4 - Run
`npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm WARN notice [SECURITY] debug has the following vulnerability: 1
low. Go here for more details:
https://nodesecurity.io/advisories?search=debug&version=2.6.8 - Run
`npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm WARN notice [SECURITY] randomatic has the following vulnerability:
1 low. Go here for more details:
https://nodesecurity.io/advisories?search=randomatic&version=1.1.7 -
Run `npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm ERR! write after end
npm WARN notice [SECURITY] minimatch has the following vulnerability:
1 high. Go here for more details:
https://nodesecurity.io/advisories?search=minimatch&version=0.2.14 -
Run `npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm ERR! write after end
npm ERR! write after end
npm WARN notice [SECURITY] minimatch has the following vulnerability:
1 high. Go here for more details:
https://nodesecurity.io/advisories?search=minimatch&version=2.0.10 -
Run `npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm ERR! write after end
npm WARN notice [SECURITY] lodash has the following vulnerability: 1
low. Go here for more details:
https://nodesecurity.io/advisories?search=lodash&version=1.0.2 - Run
`npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm ERR! write after end
npm ERR! write after end
npm WARN notice [SECURITY] randomatic has the following vulnerability:
1 low. Go here for more details:
https://nodesecurity.io/advisories?search=randomatic&version=1.1.7 -
Run `npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm WARN notice [SECURITY] lodash has the following vulnerability: 1
low. Go here for more details:
https://nodesecurity.io/advisories?search=lodash&version=3.10.1 - Run
`npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm WARN notice [SECURITY] atob has the following vulnerability: 1
moderate. Go here for more details:
https://nodesecurity.io/advisories?search=atob&version=1.1.3 - Run
`npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm WARN notice [SECURITY] sshpk has the following vulnerability: 1
high. Go here for more details:
https://nodesecurity.io/advisories?search=sshpk&version=1.13.1 - Run
`npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm WARN notice [SECURITY] growl has the following vulnerability: 1
critical. Go here for more details:
https://nodesecurity.io/advisories?search=growl&version=1.9.2 - Run
`npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm WARN notice [SECURITY] is-my-json-valid has the following
vulnerability: 1 low. Go here for more details:
https://nodesecurity.io/advisories?search=is-my-json-valid&version=2.16.1
- Run `npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm WARN notice [SECURITY] stringstream has the following
vulnerability: 1 moderate. Go here for more details:
https://nodesecurity.io/advisories?search=stringstream&version=0.0.5 -
Run `npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm WARN notice [SECURITY] hoek has the following vulnerability: 1
moderate. Go here for more details:
https://nodesecurity.io/advisories?search=hoek&version=4.2.0 - Run
`npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm ERR! write after end
npm ERR! write after end
npm ERR! A complete log of this run can be found in:
npm ERR! /home/shirish/.npm/_logs/2018-08-26T14_07_40_249Z-debug.log
make: *** [Makefile:351: node_modules/.timestamp_packages] Error 1
Could you fix the above issues?
-- System Information:
Debian Release: buster/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing'), (100,
'unstable-debug'), (100, 'experimental-debug'), (100, 'experimental'),
(100, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.17.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8), LANGUAGE=en_IN:en
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages npm depends on:
ii node-abbrev 1.0.9-1
ii node-ansi 0.3.0-2
ii node-ansi-color-table 1.0.0-1
ii node-ansi-regex 3.0.0-1
ii node-ansistyles 0.1.3-1
ii node-aproba 1.2.0-1
ii node-archy 1.0.0-1
ii node-are-we-there-yet 1.1.4-1
ii node-aws-sign2 0.7.1-1
ii node-block-stream 0.0.9-1
ii node-bluebird 3.5.1+dfsg2-2
ii node-caseless 0.12.0-1
ii node-chalk 2.3.0-1
ii node-config-chain 1.1.11-1
ii node-detect-indent 5.0.0-1
ii node-editor 1.0.0-1
ii node-encoding 0.1.12-2
ii node-fs-vacuum 1.2.10-2
ii node-fstream 1.0.10-1
ii node-fstream-ignore 0.0.6-2
ii node-gauge 2.7.4-1
ii node-github-url-from-git 1.4.0-1
ii node-glob 7.1.2-6
ii node-graceful-fs 4.1.11-1
ii node-gyp 3.6.2-2
ii node-har-validator 5.0.2-1
ii node-has-unicode 2.0.1-2
ii node-hawk 6.0.1+dfsg-1
ii node-hosted-git-info 2.5.0-1
ii node-iferr 1.0.2-1
ii node-import-lazy 3.0.0.REALLY.2.1.0-1
ii node-inflight 1.0.6-1
ii node-inherits 2.0.3-1
ii node-ini 1.3.4-1
ii node-is-npm 1.0.0-1
ii node-is-typedarray 1.0.0-2
ii node-isstream 0.1.2+dfsg-1
ii node-jsonstream 1.3.2-1
ii node-latest-version 3.1.0-1
ii node-lazy-property 1.0.0-1
ii node-lockfile 0.4.1-1
ii node-lru-cache 4.1.1-1
ii node-minimatch 3.0.4-3
ii node-mkdirp 0.5.1-1
ii node-move-concurrently 1.0.1-1
ii node-nopt 3.0.6-3
ii node-normalize-package-data 2.3.5-2
ii node-npmlog 4.1.2-1
ii node-once 1.4.0-2
ii node-opener 1.4.3-1
ii node-osenv 0.1.4-1
ii node-path-is-inside 1.0.2-1
ii node-performance-now 2.1.0+debian-1
ii node-promise-inflight 1.0.1-1
ii node-read 1.0.7-1
ii node-read-package-json 1.2.4-1
ii node-readable-stream 2.3.6-1
ii node-request 2.26.1-1
ii node-retry 0.10.1-1
ii node-rimraf 2.6.2-1
ii node-safe-buffer 5.1.2-1
ii node-semver 5.4.1-1
ii node-semver-diff 2.1.0-2
ii node-set-blocking 2.0.0-1
ii node-sha 1.2.3-1
ii node-slide 1.1.6-1
ii node-sorted-object 2.0.1-1
ii node-stringstream 0.0.6-1
ii node-strip-ansi 4.0.0-1
ii node-tar 4.4.4+ds1-2
ii node-tough-cookie 2.3.4+dfsg-1
ii node-uid-number 0.0.6-1
ii node-underscore 1.8.3~dfsg-1
ii node-unique-filename 1.1.0+ds-2
ii node-unpipe 1.0.0-1
ii node-validate-npm-package-license 3.0.1-1
ii node-which 1.3.0-1
ii node-wrappy 1.0.2-1
ii node-yargs 10.0.3-2
ii nodejs 8.11.2~dfsg-1
npm recommends no packages.
npm suggests no packages.
-- no debconf information
--
Regards,
Shirish Agarwal शिरीष अग्रवाल
My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8