irossimoline/angular4-material-table

vulnerabilities in npm Package

Closed this issue · 2 comments

I have tried installing the package. It displayed the following when installation completed:
found 15 vulnerabilities (4 low, 5 moderate, 6 high)

Hi @techievinoth,

I've tried to install it on a sample project I have with Angular 6, and I'm not receiving any warning:
npm install angular4-material-table@0.6.4 --save

I have a few questions:

  • Which angular4-material-table version are you trying to install and which Angular version do you have on your project?
  • Do you have your @angular packages updated?
  • Which version of npm do you have? npm -v

I think those vulnerabilities do not come from the package itself, but from the package dependencies.
The package depends on:

  • A few @angular packages: @angular/common, @angular/core, @angular/forms, @angular/cdk.
  • rxjs (which is also an @angular dependency).
  • zone.js (which is also an @angular dependency).
  • core-js (which is also an @angular dependency).
  • lodash.clonedeep, which is the only dependency that is not included in @angular.

I'm closing this issue as no answer was received, and the dependencies included are the expected dependencies from angular, with the exception of a lodash function.

If you have any additional questions, please feel free to open a new issue.
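
Added example, not part of the thread and not the project's code: one way to check whether audit findings originate in a package you installed or in something it pulls in, by tracing each advisory back to the direct dependencies that introduce it. It assumes the `auditReportVersion: 2` JSON shape that `npm audit --json` emits on npm 7 and later (newer than the npm of this thread); the sample report, package names and advisories are constructed.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2).
// All package names and advisories here are hypothetical.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-deep-util": {
      name: "example-deep-util", severity: "high", isDirect: false,
      via: [{ title: "Constructed advisory A", severity: "high" }],
      effects: ["example-ui-lib"],
    },
    "example-ui-lib": {
      name: "example-ui-lib", severity: "high", isDirect: true,
      via: ["example-deep-util"], effects: [],
    },
    "example-cli": {
      name: "example-cli", severity: "low", isDirect: true,
      via: [{ title: "Constructed advisory B", severity: "low" }],
      effects: [],
    },
  },
};

// For each package that carries an advisory of its own, list the direct
// dependencies (entries in package.json) through which it reaches the project.
function attributeFindings(report) {
  const vulns = report.vulnerabilities || {};
  const findings = [];
  for (const entry of Object.values(vulns)) {
    // Object items in `via` are advisories against this package; string items
    // only name another vulnerable package it depends on.
    const advisories = (entry.via || []).filter((v) => typeof v === "object");
    if (advisories.length === 0) continue;
    const roots = new Set();
    const seen = new Set();
    const stack = [entry.name];
    while (stack.length > 0) {
      const name = stack.pop();
      if (seen.has(name) || !vulns[name]) continue;
      seen.add(name);
      if (vulns[name].isDirect) roots.add(name);
      stack.push(...(vulns[name].effects || [])); // climb to dependents
    }
    findings.push({
      package: entry.name,
      severity: entry.severity,
      advisories: advisories.map((a) => a.title),
      introducedBy: [...roots].sort(),
    });
  }
  return findings;
}

for (const f of attributeFindings(sampleReport)) {
  console.log(`${f.severity}: ${f.package} <- ${f.introducedBy.join(", ")}`);
}
```

To use it on a real project, pass the parsed output of `npm audit --json` to `attributeFindings` in place of `sampleReport`.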