I'm starting a brand new project with react-js, after installing the project with npm, I get high severity vulnerabilities, how can I fix these vulnerabilities? would it cause any problems?
when I run the command npm start everything seems to work just fine.
I have tried running "npm audit fix" but it says: fixed 0 of 8646 vulnerabilities.
When I run this command:
npx create-react-app my-app
OUTPUT:
npx: installed 91 in 27.693s
Creating a new React app in E:\My project\ReactJS\Training\my-app.
Installing packages. This might take a couple of minutes.
Installing react, react-dom, and react-scripts...
> core-js#2.6.9 postinstall E:\My project\ReactJS\Training\my-app\node_modules\babel-runtime\node_modules\core-js
> node scripts/postinstall || echo "ignore"
> core-js-pure#3.1.4 postinstall E:\My project\ReactJS\Training\my-app\node_modules\core-js-pure
> node scripts/postinstall || echo "ignore"
+ react-dom#16.8.6
+ react#16.8.6
+ react-scripts#3.0.1
added 1411 packages from 726 contributors and audited 902137 packages in 287.343s
found 8646 high severity vulnerabilities
run `npm audit fix` to fix them, or `npm audit` for details
Initialized a git repository.
Success! Created my-app at E:\My project\ReactJS\Training\my-app
Inside that directory, you can run several commands:
npm start
Starts the development server.
npm run build
Bundles the app into static files for production.
npm test
Starts the test runner.
npm run eject
Removes this tool and copies build dependencies, configuration files
and scripts into the app directory. If you do this, you can’t go back!
We suggest that you begin by typing:
cd my-app
npm start
Happy hacking!
After that, I tried running this:
npm audit fix
OUTPUT:
npm WARN #typescript-eslint/eslint-plugin#1.6.0 requires a peer of typescript#* but none
is installed. You must install peer dependencies yourself.
npm WARN #typescript-eslint/parser#1.6.0 requires a peer of typescript#* but none is installed. You must install peer dependencies yourself.
npm WARN #typescript-eslint/typescript-estree#1.6.0 requires a peer of typescript#* but none is installed. You must install peer dependencies yourself.
npm WARN ts-pnp#1.1.2 requires a peer of typescript#* but none is installed. You must install peer dependencies yourself.
npm WARN tsutils#3.14.0 requires a peer of typescript#>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.9 (node_modules\jest-haste-map\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.9: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.9 (node_modules\chokidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.9: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#2.0.6 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#2.0.6: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
up to date in 10.513s
fixed 0 of 8646 vulnerabilities in 902137 scanned packages
8646 vulnerabilities required manual review and could not be updated
I believe there is nothing to worry about according to gaearon
"This is not a real “vulnerability” in the context of Create React App because it produces static bundles. So it can’t possibly affect you in any way.
The false positive warnings are unfortunate."
EDIT: For me currently is says there are now 0 vulnerabilities
Related
I'm trying to upload my code onto a server but it won't allow me because of moderate vulnerabilities. I've narrowed down my issue to an old version postcss downloaded from installing react app, specifically react-scripts. I've tried uninstalling postcss and react-scripts then installing postcss first, but whenever I do the installation it installs a bad version in its dependencies on node-modules folder.
Log of some of the errors in case my issues without postcss
Moderate Regular Expression Denial of Service
Package postcss
Patched in >=8.2.10
Dependency of react-scripts
Path react-scripts > postcss-preset-env > postcss-place > postcss
More info https://npmjs.com/advisories/1693
Moderate Regular Expression Denial of Service
Package postcss
Patched in >=8.2.10
Dependency of react-scripts
Path react-scripts > postcss-preset-env >
postcss-pseudo-class-any-link > postcss
More info https://npmjs.com/advisories/1693
Moderate Regular Expression Denial of Service
Package postcss
Patched in >=8.2.10
Dependency of react-scripts
Path react-scripts > postcss-preset-env >
postcss-replace-overflow-wrap > postcss
More info https://npmjs.com/advisories/1693
Log of my uninstall/reinstall to show its the react-scripts
found 79 moderate severity vulnerabilities in 1994 scanned packages
79 vulnerabilities require manual review. See the full report for details.
PS C:\Users\pet22\JavaScriptProjects\skp-forum\front> npm uninstall react-scripts
removed 1839 packages and audited 152 packages in 17.069s
10 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
PS C:\Users\pet22\JavaScriptProjects\skp-forum\front> npm i react-scripts
npm WARN deprecated babel-eslint#10.1.0: babel-eslint is now #babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated resolve-url#0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated urix#0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated request-promise-native#1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated request#2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator#5.1.5: this library is no longer supported
npm WARN deprecated chokidar#2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated fsevents#1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated rollup-plugin-babel#4.4.0: This package has been deprecated and is no longer maintained. Please use #rollup/plugin-babel.
npm WARN deprecated #hapi/joi#15.1.1: Switch to 'npm install joi'
npm WARN deprecated #hapi/hoek#8.5.1: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated #hapi/address#2.1.4: Moved to 'npm install #sideway/address'
npm WARN deprecated #hapi/bourne#1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated #hapi/topo#3.1.6: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated core-js#2.6.12: core-js#<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js#3.
> core-js#2.6.12 postinstall C:\Users\pet22\JavaScriptProjects\skp-forum\front\node_modules\babel-runtime\node_modules\core-js
> node -e "try{require('./postinstall')}catch(e){}"
Thank you for using core-js ( https://github.com/zloirock/core-js ) for polyfilling JavaScript standard library!
The project needs your help! Please consider supporting of core-js on Open Collective or Patreon:
> https://opencollective.com/core-js
> https://www.patreon.com/zloirock
Also, the author of core-js ( https://github.com/zloirock ) is looking for a good job -)
> core-js#3.12.1 postinstall C:\Users\pet22\JavaScriptProjects\skp-forum\front\node_modules\core-js
> node -e "try{require('./postinstall')}catch(e){}"
> ejs#2.7.4 postinstall C:\Users\pet22\JavaScriptProjects\skp-forum\front\node_modules\ejs
> node ./postinstall.js
Thank you for installing EJS: built with the Jake JavaScript build tool (https://jakejs.com/)
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#^2.1.3 (node_modules\react-scripts\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#2.3.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#^1.2.7 (node_modules\watchpack-chokidar2\node_modules\chokidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#^1.2.7 (node_modules\webpack-dev-server\node_modules\chokidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN #babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining#7.13.12 requires a peer of #babel/core#^7.13.0 but none is installed. You must install peer dependencies yourself.
npm WARN tsutils#3.21.0 requires a peer of typescript#>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta but none is installed. You must install peer
dependencies yourself.
+ react-scripts#4.0.3
added 1839 packages from 659 contributors and audited 1994 packages in 57.301s
139 packages are looking for funding
run `npm fund` for details
found 79 moderate severity vulnerabilities
run `npm audit fix` to fix them, or `npm audit` for details
npm audit fix does nothing for me.
Question: How do I install react-scripts without installing postcss lower than 8.2.10?
I solved the problem for myself temporarily with better npm audit. better npm audit
You have to create some .nsprc file on top level and add the exception according the example (number 1693). Put the audit command into the package.json and maybe change the build script (instead of "npm audit" you should use "npm run audit").
This is not fixing the original issue, but at least builds are not failing anymore.
I get some warnings and errors messages when try to create a react.js app using the command npx creat-react-app
here is the terminal output containing the errors I get. also I wanna specify that when the react.js app is created regardless of these errors it's actually working. but I'm afraid of that if there is something missing. Node.js and all of the required tools are installed as well.
Node.js version: LTS Version 12.18.4 (includes npm 6.14.6)
C:\Users\Administrator\Desktop\cmder
λ npx create-react-app my-app
Creating a new React app in C:\Users\Administrator\Desktop\cmder\my-app.
Installing packages. This might take a couple of minutes.
Installing react, react-dom, and react-scripts with cra-template...
> core-js#2.6.11 postinstall C:\Users\Administrator\Desktop\cmder\my-app\node_modules\babel-runtime\node_modules\core-js
> node -e "try{require('./postinstall')}catch(e){}"
> core-js#3.6.5 postinstall C:\Users\Administrator\Desktop\cmder\my-app\node_modules\core-js
> node -e "try{require('./postinstall')}catch(e){}"
> core-js-pure#3.6.5 postinstall C:\Users\Administrator\Desktop\cmder\my-app\node_modules\core-js-pure
> node -e "try{require('./postinstall')}catch(e){}"
+ react-dom#16.13.1
+ react-scripts#3.4.3
+ cra-template#1.0.3
+ react#16.13.1
added 1598 packages from 746 contributors and audited 1602 packages in 65.645s
69 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
Initialized a git repository.
Installing template dependencies using npm...
npm WARN tsutils#3.17.1 requires a peer of typescript#>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#2.1.2 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#2.1.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.13 (node_modules\jest-haste-map\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.13 (node_modules\watchpack-chokidar2\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.13 (node_modules\webpack-dev-server\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
+ #testing-library/user-event#7.2.1
+ #testing-library/jest-dom#4.2.4
+ #testing-library/react#9.5.0
added 36 packages from 57 contributors and audited 1638 packages in 13.978s
69 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
Removing template package using npm...
npm WARN tsutils#3.17.1 requires a peer of typescript#>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#2.1.2 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#2.1.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.13 (node_modules\jest-haste-map\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.13 (node_modules\watchpack-chokidar2\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.13 (node_modules\webpack-dev-server\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
removed 1 package and audited 1637 packages in 10.641s
69 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
Git commit not created Error: Command failed: git commit -m "Initialize project using Create React App"
at checkExecSyncError (child_process.js:630:11)
at execSync (child_process.js:666:15)
at tryGitCommit (C:\Users\Administrator\Desktop\cmder\my-app\node_modules\react-scripts\scripts\init.js:62:5)
at module.exports (C:\Users\Administrator\Desktop\cmder\my-app\node_modules\react-scripts\scripts\init.js:334:25)
at [eval]:3:14
at Script.runInThisContext (vm.js:120:18)
at Object.runInThisContext (vm.js:309:38)
at Object.<anonymous> ([eval]-wrapper:10:26)
at Module._compile (internal/modules/cjs/loader.js:1137:30)
at evalScript (internal/process/execution.js:94:25) {
status: 128,
signal: null,
output: [ null, null, null ],
pid: 1532,
stdout: null,
stderr: null
}
Removing .git directory...
Success! Created my-app at C:\Users\Administrator\Desktop\cmder\my-app
Inside that directory, you can run several commands:
npm start
Starts the development server.
npm run build
Bundles the app into static files for production.
npm test
Starts the test runner.
npm run eject
Removes this tool and copies build dependencies, configuration files
and scripts into the app directory. If you do this, you can’t go back!
We suggest that you begin by typing:
cd my-app
npm start
Happy hacking!
Git commit not created Error: Command failed: git commit -m
"Initialize project using Create React App"
Seems like you don't have git installed. Install git if you want cra to initialize a git repository. If you don't plan on using git, you should just ignore the error.
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#2.1.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
This is an optional dependency for mac (darwin)
This thread points out that you can use npm install --no-optional to prevent warning from happening.
npm WARN tsutils#3.17.1 requires a peer of typescript#>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta but none is installed. You must install peer dependencies yourself.
Seems like cra use typescript and ask you to install a version a typescript above 2.8.0.
npm i -g typescript
should solve the problem
I'm actually experimenting with Laravel and npm, and i struggle to use Bootstrap Tags Input lib inside my app (also as any other npm installed lib).
It seems pretty easy but i'm missing something here.
What i did:
Install dependencie
λ npm i bootstrap-tagsinput
npm WARN sass-loader#8.0.2 requires a peer of node-sass#^4.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN sass-loader#8.0.2 requires a peer of fibers#>= 3.1.0 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.13 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#2.1.3 (node_modules\watchpack\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
+ bootstrap-tagsinput#0.7.1
added 1 package from 2 contributors and audited 1088 packages in 4.143s
found 2 vulnerabilities (1 low, 1 high)
run `npm audit fix` to fix them, or `npm audit` for details
λ npm install
npm WARN sass-loader#8.0.2 requires a peer of node-sass#^4.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN sass-loader#8.0.2 requires a peer of fibers#>= 3.1.0 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.13 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#2.1.3 (node_modules\watchpack\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
audited 1088 packages in 3.31s
found 2 vulnerabilities (1 low, 1 high)
run `npm audit fix` to fix them, or `npm audit` for details
Link the lib to my current source files
Inside my /resources/js/app.js file :
require('bootstrap-tagsinput/src/bootstrap-tagsinput');
I've tried stuff like window.BootstrapTagsInput = require('bootstrap-tagsinput/src/bootstrap-tagsinput'); Did not work any better.
Inside my resources/css/app.scss file :
// Bootstrap-tagsinput
#import '~bootstrap-tagsinput/src/bootstrap-tagsinput.css';
#import '~bootstrap-tagsinput/src/bootstrap-tagsinput-typeahead.css';
In my resources/views/layout/app.blade.php :
<div id="app" class="h-100">
<input type="text" value="Amsterdam,Washington,Sydney,Beijing,Cairo" data-role="tagsinput" />
</div>
Compile
npm run watch
DONE Compiled successfully in 4475ms 12:39:08 AM
Asset Size Chunks Chunk Names
/css/app.css 179 KiB /js/app [emitted] /js/app
/js/app.js 1.4 MiB /js/app [emitted] /js/app
Result
What i have
https://i.stack.imgur.com/PXMd4.png
What i'm supposed to have:
https://i.stack.imgur.com/0wZz0.png
Conclusion
I've searched the answer to my question on many posts already, but nothing seems to work on my case.
Many thanks to anybody who will try to help me on this, really appreciate 🙏.
Update
Ok, turns out that the installation process was good, everything is finally working well, sorry for your time 🙏.
Why not just use the latest stable version of Bootstrap? Your package doesn't seem to be up to date and maintained. Bootstrap 5 will be coming out soon.
https://getbootstrap.com/docs/4.5/components/badge/
npm install bootstrap
Turns out that the installation process of the plugin was good, and I simply had a minor issue in my dev environment.
I'm new to AngularJS and I'm currently working on building an application on Ubuntu. When I'm trying to install Chart.js using npm install chart.js, it is throwing the following error.
npm WARN karma-jasmine-html-reporter#1.5.1 requires a peer of jasmine-core#>=3.5 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.11 (node_modules/webpack-dev-server/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.11: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.11 (node_modules/watchpack/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.11: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.11 (node_modules/karma/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.11: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.11 (node_modules/#angular/compiler-cli/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.11: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#2.1.2 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#2.1.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
+ chart.js#2.9.3
updated 1 package and audited 19058 packages in 9.013s
23 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
What does this error mean?
How do I fix this?
Is there any other way to include Chart.js in my project other than the install command?
There are 0 vulnerabilities in your install. what you call error is just WARN means warnings, which can be ignored, Chart.js has successfully installed. you should be good to go.
If you want to get rid of these warnings, as it says You must install peer dependencies yourself.
Try npm install jasmine-core#>=3.5
npm decided to add a new command: npm fund that will provide more visibility to npm users on what dependencies are actively looking for ways to fund their work.
npm install will also show a single message at the end in order to let user aware that dependencies are looking for funding, it looks like this:
$ npm install
13 packages are looking for funding.
run `npm fund` for details.
Running npm fund will open the url listed for that given package right in your browser.
npm funding does not mean that the package is not installed , your package is successfully installed.
please check this for more information
you didnt get any errors only warnings, you can ignore them.
first of all you can download manually from https://github.com/jtblin/angular-chart.js
but you already installed them from npm so try to include it in your project
when you load your angular module dont forget to use
angular.module('myModule', ['chart.js']);
let us know if you were able to use it , best of luck !
When I run npm install on a sample project I get the result below
npm install
> #okta/samples-js-vue#0.1.0 postinstall D:\home\projects\trunk\projects\VoiceToText\samples-js-vue
> npm run install-custom-login && npm run install-okta-hosted-login
> #okta/samples-js-vue#0.1.0 install-custom-login D:\home\projects\trunk\projects\VoiceToText\samples-js-vue
> cd custom-login && npm install --allow-root
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.4 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
audited 9983 packages in 11.244s
found 554 vulnerabilities (3 low, 14 moderate, 536 high, 1 critical)
run `npm audit fix` to fix them, or `npm audit` for details
> #okta/samples-js-vue#0.1.0 install-okta-hosted-login D:\home\projects\trunk\projects\VoiceToText\samples-js-vue
> cd okta-hosted-login && npm install
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.4 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
audited 9864 packages in 11.739s
found 551 vulnerabilities (3 low, 14 moderate, 533 high, 1 critical)
run `npm audit fix` to fix them, or `npm audit` for details
npm WARN eslint-plugin-eslint-plugin#2.1.0 requires a peer of eslint#>=5.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.9 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.9: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
audited 2069 packages in 35.602s
I then ran >npm audit fix
and got :
npm WARN eslint-plugin-eslint-plugin#2.1.0 requires a peer of eslint#>=5.0.0 but none is installed. You must install peer dependencies yourself.
I've tried installing eslint and eslint-plugin-eslint-plugin but I get the same problem.
Is this an accepted warning?
/D