found 1 high severity vulnerability (angular material installation)
I tried to install angular material using npm install @angular/material --save
but the result was:
npm WARN @angular/material@7.3.7 requires a peer of @angular/cdk@7.3.7 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.9 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.9: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
+ @angular/material@7.3.7
updated 1 package and audited 42613 packages in 16.398s
found 1 high severity vulnerability
run `npm audit fix` to fix them, or `npm audit` for details
I also tried npm audit fix
and got this result:
npm WARN @angular/material@7.3.7 requires a peer of @angular/cdk@7.3.7 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.9 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.9: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
up to date in 7.989s
fixed 0 of 1 vulnerability in 42613 scanned packages
1 vulnerability required manual review and could not be updated
Then I tried npm audit
and this is the result:
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
High Arbitrary File Overwrite
Package tar
Patched in >=4.4.2
Dependency of @angular-devkit/build-angular [dev]
Path @angular-devkit/build-angular > node-sass > node-gyp > tar
More info https://nodesecurity.io/advisories/803
found 1 high severity vulnerability in 42613 scanned packages
1 vulnerability requires manual review. See the full report for details.
Why do I get this error and how can I fix it?
Issue Analytics
- State:
- Created 4 years ago
- Reactions:11
- Comments:9 (3 by maintainers)
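The audit report above says `tar` is patched in >=4.4.2 and is reached through node-gyp, so the practical question is which package in the lockfile still resolves to an older copy. One way to check that, as an added example that is not part of the original issue: it assumes the npm v6-style package-lock.json layout (nested `dependencies` objects with `version`, `requires` and `dev` fields), and the lockfile fragment and its version numbers are constructed for illustration.

```javascript
// Added example. Constructed npm v6-style lockfile fragment; versions are made up.
const sampleLock = {
  dependencies: {
    'node-sass': { version: '4.0.0', dev: true, requires: { 'node-gyp': '^3.0.0' } },
    'node-gyp': {
      version: '3.0.0', dev: true, requires: { tar: '^2.0.0' },
      // Nested entry = private copy in node_modules/node-gyp/node_modules
      dependencies: { tar: { version: '2.2.1', dev: true } },
    },
    pacote: { version: '9.0.0', dev: true, requires: { tar: '^4.4.0' } },
    tar: { version: '4.4.8', dev: true },
  },
};

// True when a < b. Compares the numeric x.y.z parts only (pre-release tags ignored).
function lessThan(a, b) {
  const pa = a.split('.').map((n) => parseInt(n, 10));
  const pb = b.split('.').map((n) => parseInt(n, 10));
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i];
  }
  return false;
}

// For every package that requires `name`, resolve the copy it actually loads
// (nearest node_modules going up the tree) and report copies below `patched`.
// `requiredBy` is the install location of the requiring package.
function findUnpatched(lock, name, patched) {
  const findings = [];
  function walk(deps, scopes, where) {
    for (const [pkg, entry] of Object.entries(deps || {})) {
      const inner = [entry.dependencies || {}, ...scopes];
      if (entry.requires && name in entry.requires) {
        const scope = inner.find((s) => name in s);
        const version = scope ? scope[name].version : null;
        if (version && lessThan(version, patched)) {
          findings.push({ requiredBy: [...where, pkg].join(' > '),
            range: entry.requires[name], version, dev: Boolean(entry.dev) });
        }
      }
      walk(entry.dependencies, inner, [...where, pkg]);
    }
  }
  walk(lock.dependencies, [lock.dependencies || {}], []);
  return findings;
}

console.log(findUnpatched(sampleLock, 'tar', '4.4.2'));
```

To check a real project, pass the parsed contents of its package-lock.json as the first argument. A finding whose `range` excludes the patched version explains why `npm audit fix` cannot update it automatically.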
The solution to this question solved my problem too, but I don’t know how safe/recommended it is. https://stackoverflow.com/questions/55635378/npm-audit-arbitrary-file-overwrite/55649551#55649551
Duplicate of https://github.com/angular/angular-cli/issues/14138