5 Replies Latest reply on Jun 22, 2018 2:49 PM by Martien van den Akker

    NPM vulnerability error when installing ojet cli

    Martien van den Akker

      Hi all,

       

      I just did a reinstall of node v.8.11.3, for which it is stated that it includes npm 5.6 (https://nodejs.org/en/download/).

      But after an install of oracle jet cli I got:

       

      C:\Program Files\nodejs>node --version
      v8.11.3

      C:\Program Files\nodejs>npm install -g @oracle/ojet-cli
      npm WARN notice [SECURITY] lodash has the following vulnerability: 1 low. Go here for more details: https://nodesecurity.io/advisories?search=lodash&version=3.10.1 - Run `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` to get more info.
      npm WARN notice [SECURITY] deep-extend has the following vulnerability: 1 low. Go here for more details: https://nodesecurity.io/advisories?search=deep-extend&version=0.4.2 - Run `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` to get more info.
      C:\Users\marti\AppData\Roaming\npm\ojet -> C:\Users\marti\AppData\Roaming\npm\node_modules\@oracle\ojet-cli\ojet.js

      > spawn-sync@1.0.15 postinstall C:\Users\marti\AppData\Roaming\npm\node_modules\@oracle\ojet-cli\node_modules\spawn-sync
      > node postinstall

      + @oracle/ojet-cli@5.1.0
      added 517 packages in 37.957s

      C:\Program Files\nodejs>npm --version
      5.6.0

       

      Now, apparently I can do an upgrade of npm. But is it necessary, and how does this influence the dependencies of OJet?

       

      Also on the OJet getting started/prerequisite packages page (https://docs.oracle.com/en/middleware/jet/5.1/develop/prerequisites-developing-applications-oracle-jet.html#GUID-8A2D524… )

      I see a note that when having errors with npm, you can install a newer version with:

      npm install -g npm.

      How does that differ from the above suggested:

      npm i npm@latest

      ?

       

      Kind regards,
      Martien