npm install in chapter-zero warns of high severity vulnerabilities #32

Open
reillysiemens opened this issue Aug 22, 2018 · 4 comments

@reillysiemens

Describe the bug
Running the initial npm install on the chapter-zero branch results in a warning about high severity vulnerabilities.

To Reproduce
Steps to reproduce the behavior:

  1. git clone https://github.com/rustwasm/wasm_game_of_life.git
  2. cd wasm_game_of_life
  3. git checkout -b chapter-zero origin/chapter-zero
  4. npm install

Expected behavior
npm install requires no audit fixes to install JavaScript dependencies without warning.

Screenshots
npm-package-security-advisories

Additional context
In this case the vulnerabilities I saw were actually just one vulnerability that was filed recently and has already been patched. It's no trouble to run npm audit fix, but I think that slows readers down. Worrying about whether they need to take care of vulnerabilities might detract from the goal of learning about WebAssembly and Rust.

For what it's worth, I'm using

  • nvm - v0.33.11
  • Node.js - v10.9.0
  • npm - v6.4.0
  • Git - v2.17.1

I believe this can be easily resolved by running the audit fixes and then committing the updated package-lock.json, but I've no idea what effect that will have on the branching structure for the repo.

@mgattozzi
Contributor

Hey @reillysiemens thanks for filing this! We recently restructured this repo to contain only the final code. Does this exist for the current version of the repo?

@reillysiemens
Author

@mgattozzi, I see that this repository was recently restructured to no longer use submodules. If you mean

Does this exist without using submodules?

then yes, the current chapter-zero branch has this issue without the use of submodules.

@Zireael07

Still an issue in chapter-zero branch.

@fox-daniel

It is still an issue. I received a warning of 36 vulnerabilities (1 low, 3 moderate, 27 high, 5 critical) with node v19.4.0.
