npm WARN deprecated loadsh@0.0.3: This is a typosquat on the popular Lodash pack age. This is not maintained nor is the original Lodash package

Question

npm WARN deprecated loadsh@0.0.3: This is a typosquat on the popular Lodash pack age. This is not maintained nor is the original Lodash package

mahoneyl opened this issue 3 years ago · 1 comments

Describe the bug
Using example: https://github.com/IBM/ibmi-oss-examples/tree/master/nodejs/grafana-backend
Installing grafana-backend on an IBM i. After pulling the repo to the local machine and running npm i I get a warning telling me that one of the node-modules included in the package is a typosquat

To Reproduce
Install the package as described in the getting started page
https://github.com/IBM/ibmi-oss-examples/tree/master/nodejs/grafana-backend

Expected behavior
Secure, no typosquatted packages.

Additional context
I see that on the index.js that
there is const _ = require('lodash'); but nothing for loadsh is it possible to just npm un loadash from the project without obstructing the grafana project?

Answer 1 · 2021-08-02T15:58:42.000Z

Thank you!