Version without all the react native code and dependencies?

Question

Version without all the react native code and dependencies?

nitelite opened this issue a year ago · 3 comments

I was looking through all the dependencies that were listed as having security related problems in my prosjekt and it seems this library also includes code/libraries that are specific to React Native? I am looking to reduce the number of external dependencies in my project as much as possible, so there are less security-related notifications to follow up on. Is there a fork or a version of this library that only include the parts needed to run in a browser? (or if I have misunderstood the dependencies included, let me know...)

Answer 1 · 2024-08-11T14:56:13.000Z

Thank you for filing an issue! Please be patient. :-) Dont forget to add yourself to the contributors array in package.json! Have a great day!

Answer 2 · 2024-11-13T01:38:43.000Z

Hi there! Apologies for exceptionally long delay, I've been really busy with life outside of Github.

The package currently ships together, a version for node.js and a version for use with browser. The dependencies for both should be very close to the same. I'm not aware of anything referencing React Native, although I think there is some React code in one of the sample apps that is inside the source depot...

can you be more specific as to which dependencies? That would help me with isolating them or updating or whatever.

Answer 3 · 2024-11-27T18:48:14.000Z

can you be more specific as to which dependencies? That would help me with isolating them or updating or whatever.

D:[Programming]\HTML\Quagga2\quagga2>npm audit

npm audit report

request *
Severity: moderate
Server-Side Request Forgery in Request - GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
get-pixels >=2.0.0
Depends on vulnerable versions of request
node_modules/get-pixels
@ericblade/quagga2 *
Depends on vulnerable versions of get-pixels
node_modules/@ericblade/quagga2

tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie

4 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

up to date, audited 893 packages in 3s

151 packages are looking for funding
run npm fund for details

4 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Run npm audit for details.

D:[Programming]\HTML\Quagga2\quagga2>npm run build

@ericblade/quagga2@1.8.4 build
npx cross-env NODE_OPTIONS=--openssl-legacy-provider npm run build-old

@ericblade/quagga2@1.8.4 build-old
npm run check-types && npm run build:dev && npm run build:prod && npm run build:node

@ericblade/quagga2@1.8.4 check-types
tsc

@ericblade/quagga2@1.8.4 build:dev
npx cross-env NODE_ENV=development BUILD_ENV=development webpack --config configs/webpack.config.js

[webpack-cli] Invalid configuration object. Webpack has been initialized using a configuration object that does not match the API schema.

configuration.node has an unknown property 'fs'. These properties are valid:
object { __dirname?, __filename?, global? }
-> Options object for node compatibility features.

D:[Programming]\HTML\Quagga2\quagga2>