Oddities with npm
- Why do we have `v1.3.1` on npmjs?
- Why is npm 7 suggesting that I upgrade to `@ericblade/quagga2 @ 0.0.1`?
- Why does `npm audit` show the below?

```
# npm audit report

netmask  <2.0.1
Severity: high
netmask npm package vulnerable to octal input data - https://npmjs.com/advisories/1658
fix available via `npm audit fix --force`
Will install @ericblade/quagga2@0.0.1, which is a breaking change
node_modules/netmask
  pac-resolver  *
  Depends on vulnerable versions of netmask
  node_modules/pac-resolver
    pac-proxy-agent  *
    Depends on vulnerable versions of pac-resolver
    node_modules/pac-proxy-agent
      proxy-agent  >=1.1.0
      Depends on vulnerable versions of pac-proxy-agent
      node_modules/proxy-agent
        snyk  1.0.0-dev-0448474ef2a9d3009ecc6998307a398ff16a6b15 - 1.0.0-dev-fc3db6eac42b7609f7dc992551e3718ce0009604 || >=1.76.0
        Depends on vulnerable versions of proxy-agent
        node_modules/snyk
          @ericblade/quagga2  >=0.0.2
          Depends on vulnerable versions of snyk
          node_modules/@ericblade/quagga2

6 high severity vulnerabilities
```
In my `package.json` I have this:

```
"@ericblade/quagga2": "1.2.6",
```

which works great, but today I wanted to upgrade.
Issue Analytics
- State:
- Created 2 years ago
- Comments:5 (3 by maintainers)
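Added example, not part of the original issue or the project's code: it parses the package lines of the audit report above, follows the "Depends on" chain from `@ericblade/quagga2` down to `netmask`, and checks the flagged `>=0.0.2` range against both the pinned `1.2.6` and the `0.0.1` that `npm audit fix --force` proposes. The function names and the minimal range check are assumptions of the example.

```javascript
// Constructed input: the package, "Will install" and "Depends on" lines of the
// report in the issue. Assumes npm's two-space gap between name and range.
const REPORT = `netmask  <2.0.1
Will install @ericblade/quagga2@0.0.1, which is a breaking change
pac-resolver  *
Depends on vulnerable versions of netmask
pac-proxy-agent  *
Depends on vulnerable versions of pac-resolver
proxy-agent  >=1.1.0
Depends on vulnerable versions of pac-proxy-agent
snyk  1.0.0-dev-0448474ef2a9d3009ecc6998307a398ff16a6b15 - 1.0.0-dev-fc3db6eac42b7609f7dc992551e3718ce0009604 || >=1.76.0
Depends on vulnerable versions of proxy-agent
@ericblade/quagga2  >=0.0.2
Depends on vulnerable versions of snyk`;
// Parse into { name, range, via } entries plus the version --force would install.
function parseAudit(text) {
  const entries = [];
  let forced = null, m;
  for (const line of text.split("\n").map(l => l.trim())) {
    if ((m = line.match(/^Will install (\S+)@(\d[^,\s]*)/))) {
      forced = { name: m[1], version: m[2] };
    } else if ((m = line.match(/^Depends on vulnerable versions of (\S+)$/))) {
      if (entries.length) entries[entries.length - 1].via = m[1];
    } else if ((m = line.match(/^(@?[\w./-]+)\s{2,}(.+)$/))) {
      entries.push({ name: m[1], range: m[2], via: null });
    }
  }
  return { entries, forced };
}
// Follow "Depends on" links from a package down to the advisory itself.
function chainFrom(entries, name) {
  const byName = new Map(entries.map(e => [e.name, e]));
  const chain = [];
  let e = byName.get(name);
  while (e && !chain.includes(e.name)) { chain.push(e.name); e = byName.get(e.via); }
  return chain;
}
// Minimal check for "<x.y.z" and ">=x.y.z" only; not a full semver range parser.
function inRange(version, range) {
  const m = range.match(/^(<|>=)(\d+)\.(\d+)\.(\d+)$/);
  if (!m) throw new Error("unsupported range: " + range);
  const want = m.slice(2).map(Number), got = version.split(".").map(Number);
  let cmp = 0;
  for (let i = 0; i < 3 && cmp === 0; i++) cmp = Math.sign(got[i] - want[i]);
  return m[1] === "<" ? cmp < 0 : cmp >= 0;
}
const { entries, forced } = parseAudit(REPORT);
const direct = entries.find(e => e.name === forced.name);
console.log(chainFrom(entries, forced.name).join(" -> "));
console.log(direct.range, "flags 1.2.6:", inRange("1.2.6", direct.range), "flags", forced.version + ":", inRange(forced.version, direct.range));
```

Only `0.0.1` falls outside the flagged range, so the forced fix is a downgrade past every release that pulls in `snyk`, not an upgrade.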
Top GitHub Comments
i haven’t perfected the automatic release process, and i probably forgot to submit a tag 😃 thanks for pointing it out
snyk has been removed, we’re a couple of releases ahead now, i don’t think there’s much actionable here