npm WARN deprecated loadsh@0.0.3: This is a typosquat on the popular Lodash pack age. This is not maintained nor is the original Lodash package
mahoneyl opened this issue · 1 comments
Describe the bug
Using example: https://github.com/IBM/ibmi-oss-examples/tree/master/nodejs/grafana-backend
Installing grafana-backend on an IBM i. After pulling the repo to the local machine and running npm i
I get a warning telling me that one of the node-modules included in the package is a typosquat
To Reproduce
Install the package as described in the getting started page
https://github.com/IBM/ibmi-oss-examples/tree/master/nodejs/grafana-backend
Expected behavior
Secure, no typosquatted packages.
Additional context
I see that on the index.js that
there is const _ = require('lodash');
but nothing for loadsh
is it possible to just npm un loadash from the project without obstructing the grafana project?
Thank you!