Comments (4)
wraithgar
commented on August 25, 2024
from npmlog.
damianwadley
commented on August 25, 2024
Ah, didn't see you already had a PR for this. You move fast. Thanks!
from npmlog.
hi-artem
commented on August 25, 2024
Still looks like an issue with 6.0.0
`-- [email protected]
`-- [email protected]
+-- [email protected]
+-- [email protected]
| `-- [email protected] deduped
`-- [email protected]
`-- [email protected]
`-- [email protected]
`-- [email protected]from npmlog.
wraithgar
commented on August 25, 2024
Vulnerable versions only show up if you install the dependencies locally. Those are dev dependencies that cause this. When npmlog is installed as a module this is not an issue.
~/D/n/scratch $ rm -rf node_modules/ package-lock.json package.json;npm init -y;npm i npmlog;npm ls ansi-regex
Wrote to /Users/wraithgar/Development/npm/scratch/package.json:
{
"name": "scratch",
"version": "1.0.0",
"description": "",
"main": ".eslintrc.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"keywords": [],
"author": "Gar <[email protected]>",
"license": "ISC"
}
added 21 packages, and audited 22 packages in 965ms
found 0 vulnerabilities
[email protected] /Users/wraithgar/Development/npm/scratch
└─┬ [email protected]
└─┬ [email protected]
├── [email protected]
└─┬ [email protected]
└── [email protected] dedupedETA: It is also possible that another dependency in your tree is pinning wide-align to a lower version since gauge has the semver ^1.1.2 in its package.json. Again this is not an npmlog or gauge problem as whatever is causing that older version to be in your tree would STILL cause it to be in your tree even if the semver for gauge was tightened up
from npmlog.
Related Issues (20)
- [ISSUE] how to use npmlog in a script? HOT 2
- Reporting a vulnerability HOT 1
- How can I set up to display a complete error log?
- Setting string stack of some Errors causes `cannot set property stack`...
- Get the level numeric value? HOT 1
- Reentrancy, multiple instances? HOT 2
- npmlog error: log.gauge.isEnabled is not a function
- Latest version has broken node-gyp HOT 3
- Add Typescript definition 💜 HOT 2
- TypeError: log.gauge.isEnabled is not a function HOT 4
- Why resolve stack traces to plain string? HOT 2
- Example for gauge/tracker usage HOT 1
- delete
- Install react-sripts and start react app on linux HOT 1
- [FEATURE] Disable log colors if environment variable is set HOT 3
- [BUG] v5.0.0 - Error: Cannot find module 'object-assign' HOT 2
- [BUG] Address CVE-2021-3807 HOT 3
- [BUG] Changelog not updated for v6 HOT 2
- Hide level, prefix in production HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from npmlog.