Critical security vulnerability & unsupported in Node v16

Question

Critical security vulnerability & unsupported in Node v16

ETMitch21 opened this issue 3 years ago · 3 comments

Just installed using the follow command from this repository and received concerning feedback

Install command

npm install @woocommerce/woocommerce-rest-api

Result

npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: undefined,
npm WARN EBADENGINE   required: { node: '14' },
npm WARN EBADENGINE   current: { node: 'v16.13.1', npm: '8.1.2' }
npm WARN EBADENGINE }
npm WARN deprecated axios@0.19.2: Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410

added 15 packages, and audited 251 packages in 2s

11 packages are looking for funding
  run `npm fund` for details

2 high severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

Not sure this library should be used in production as it stands today.

Answer 1 · 2021-12-31T14:43:45.000Z

I have the same, have you found a solution or an alternative?

Answer 2 · 2022-02-03T15:40:56.000Z

Axios seems to have been updated in this package but the version number has not been bumped and it has not been published to npm. @claudiosanches 🥺

Answer 3 · 2022-02-03T15:46:13.000Z

Currently working around by installing from github with:
yarn add @woocommerce/woocommerce-rest-api@https://github.com/woocommerce/woocommerce-rest-api-js-lib