quer/the-steam-awards

21 vulnerabilities (11 moderate, 6 high, 4 critical)

idimo opened this issue · 5 comments

idimo commented

What am I doing wrong?

Node.js 16.13.2 is installed on the system

image

quer commented

All should be as expected.
You just have some setting to show warnings.

What happens when you use the project?

I do not often do a clean install, but you are right, it shows some vulnerabilities that I did not know about.
I will see if there is anything I can do about that in the future.

quer commented

A fast local fix is to run `npm audit fix`, then remove the folder `node_modules` and the file `package-lock.json`, then run `npm install` and then `npm audit fix`.

Then there should only be one high thing left. But by doing this, I can't ensure all works as it should. Will look into it.
The one that I have that is still not fixed is:

```
csv-parse  <4.4.6
Severity: high
Regular Expression Denial of Service in csv-parse - https://github.com/advisories/GHSA-582f-p4pg-xc74
fix available via `npm audit fix`
node_modules/steam/node_modules/csv-parse

1 high severity vulnerability
```

idimo commented

Did as you said:

> A fast local fix is to run `npm audit fix`, then remove the folder `node_modules` and the file `package-lock.json`, then run `npm install` and then `npm audit fix`.

The launch outputs this:

image

Maybe there is a way to run this script in Docker?

Don't audit fix, just delete everything, then re-download the project again.
Run `npm install` and ignore all those vulnerabilities... and you are good to go.

quer commented

I did have a small look into the warnings. As the Steam module is archived and will not have any other updates, I can't fix all the warnings. If you use `npm audit fix` it will just not work: it will remove the warning, but then the npm steam module will not work.
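
An added triage example, not part of the thread or the project's code: it groups `npm audit --json` findings by the top-level package that pulls them in, which makes visible that the remaining `csv-parse` finding lives under `steam`. The report below is constructed, `example-direct-dep` is a hypothetical package, and the field names assume the npm 7+ audit JSON layout.

```javascript
// Constructed sample mimicking the `vulnerabilities` section of `npm audit --json` (npm 7+).
const SAMPLE_REPORT = {
  vulnerabilities: {
    "csv-parse": {
      name: "csv-parse", severity: "high", isDirect: false, range: "<4.4.6",
      nodes: ["node_modules/steam/node_modules/csv-parse"],
      fixAvailable: true,
    },
    "example-direct-dep": { // hypothetical package, for contrast
      name: "example-direct-dep", severity: "moderate", isDirect: true, range: "<2.0.0",
      nodes: ["node_modules/example-direct-dep"],
      fixAvailable: { name: "example-direct-dep", version: "2.0.0", isSemVerMajor: true },
    },
  },
};

// "node_modules/steam/node_modules/csv-parse" -> "steam" (scoped names like @scope/pkg also work).
function topLevelOwner(nodePath) {
  const parts = nodePath.split("node_modules/").filter(Boolean);
  return parts[0].replace(/\/$/, "");
}

// Map each top-level package to the vulnerable packages installed at or beneath it.
function groupByOwner(report) {
  const owners = {};
  for (const vuln of Object.values(report.vulnerabilities || {})) {
    for (const nodePath of vuln.nodes || []) {
      const owner = topLevelOwner(nodePath);
      if (!owners[owner]) owners[owner] = [];
      const fix = vuln.fixAvailable; // true, false, or an object describing the upgrade
      owners[owner].push({
        name: vuln.name,
        severity: vuln.severity,
        range: vuln.range,
        nested: owner !== vuln.name, // true when the finding sits inside another package
        breaking: typeof fix === "object" && fix !== null ? Boolean(fix.isSemVerMajor) : false,
      });
    }
  }
  return owners;
}

// For a real project: save `npm audit --json` to a file, JSON.parse it, and pass it in.
console.log(JSON.stringify(groupByOwner(SAMPLE_REPORT), null, 2));
```

Findings with `nested: true` under an archived package are the ones a maintainer cannot resolve by bumping their own direct dependencies.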