@hahastudio
Last active December 13, 2021 03:05
Revisions

  1. hahastudio revised this gist Dec 13, 2021. 1 changed file with 75 additions and 1 deletion.
    76 changes: 75 additions & 1 deletion terminal.log
    @@ -61,4 +61,78 @@ node_modules/tar
    3 high severity vulnerabilities

    To address all issues (including breaking changes), run:
    npm audit fix --force
    npm audit fix --force
    PS C:\Codes\playground\test-npm> npx create-react-app my-app

    Creating a new React app in C:\Codes\playground\test-npm\my-app.

    Installing packages. This might take a couple of minutes.
    Installing react, react-dom, and react-scripts with cra-template...


    added 1899 packages, and audited 1900 packages in 2m

    153 packages are looking for funding
    run `npm fund` for details

    27 vulnerabilities (16 moderate, 9 high, 2 critical)

    To address all issues, run:
    npm audit fix

    Run `npm audit` for details.

    Initialized a git repository.

    Installing template dependencies using npm...

    added 58 packages, and audited 1958 packages in 13s

    154 packages are looking for funding
    run `npm fund` for details

    27 vulnerabilities (16 moderate, 9 high, 2 critical)

    To address all issues (including breaking changes), run:
    npm audit fix --force

    Run `npm audit` for details.
    Removing template package using npm...


    removed 1 package, and audited 1957 packages in 4s

    154 packages are looking for funding
    run `npm fund` for details

    27 vulnerabilities (16 moderate, 9 high, 2 critical)

    To address all issues (including breaking changes), run:
    npm audit fix --force

    Run `npm audit` for details.

    Created git commit.

    Success! Created my-app at C:\Codes\playground\test-npm\my-app
    Inside that directory, you can run several commands:

    npm start
    Starts the development server.

    npm run build
    Bundles the app into static files for production.

    npm test
    Starts the test runner.

    npm run eject
    Removes this tool and copies build dependencies, configuration files
    and scripts into the app directory. If you do this, you can’t go back!

    We suggest that you begin by typing:

    cd my-app
    npm start

    Happy hacking
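
Review bot: the three audit summaries added here (`27 vulnerabilities (16 moderate, 9 high, 2 critical)`) are recorded without the `npm audit` details, so the log does not show which packages or advisories they refer to. The first revision's `# npm audit report` section does name tar, tar-pack and create-react-app. Consider appending the `npm audit` output for my-app, since the recommended remediation in this run also changes from `npm audit fix` to `npm audit fix --force` while the counts stay the same.
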
  2. hahastudio created this gist Dec 13, 2021.
    64 changes: 64 additions & 0 deletions terminal.log
    @@ -0,0 +1,64 @@
    npm http fetch GET 200 https://registry.npmjs.org/tar/-/tar-2.2.2.tgz 1693ms (cache miss)
    npm WARN deprecated [email protected]: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap.
    npm timing reifyNode:node_modules/tar Completed in 1770ms
    npm timing reify:unpack Completed in 1773ms
    npm timing reify:unretire Completed in 1ms
    npm timing build:queue Completed in 5ms
    npm timing build:link:node_modules/tmp/node_modules/rimraf Completed in 27ms
    npm timing build:link:node_modules/create-react-app Completed in 31ms
    npm timing build:link:node_modules/envinfo Completed in 30ms
    npm timing build:link:node_modules/rimraf Completed in 31ms
    npm timing build:link:node_modules/mkdirp Completed in 32ms
    npm timing build:link:node_modules/which Completed in 32ms
    npm timing build:link:node_modules/semver Completed in 35ms
    npm timing build:link Completed in 38ms
    npm timing build:deps Completed in 46ms
    npm timing build Completed in 47ms
    npm timing reify:build Completed in 50ms
    npm timing reify:trash Completed in 0ms
    npm timing reify:save Completed in 44ms
    npm timing reify Completed in 8275ms

    added 67 packages, and audited 68 packages in 9s

    4 packages are looking for funding
    run `npm fund` for details

    3 high severity vulnerabilities

    To address all issues, run:
    npm audit fix

    Run `npm audit` for details.
    npm timing command:install Completed in 8301ms
    npm timing npm Completed in 8765ms
    npm info ok
    PS C:\Codes\playground\test-npm> npm audit fix

    up to date, audited 68 packages in 2s

    4 packages are looking for funding
    run `npm fund` for details

    # npm audit report

    tar <=4.4.17
    Severity: high
    Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
    Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
    Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
    Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
    fix available via `npm audit fix --force`
    Will install [email protected], which is a breaking change
    node_modules/tar
    tar-pack *
    Depends on vulnerable versions of tar
    node_modules/tar-pack
    create-react-app >=1.3.0-alpha.58689133
    Depends on vulnerable versions of tar-pack
    node_modules/create-react-app

    3 high severity vulnerabilities

    To address all issues (including breaking changes), run:
    npm audit fix --force
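
Review bot: the log opens at the `npm http fetch GET 200 ...` line with no prompt line, so the command that produced the install output is not recorded. The later `PS C:\Codes\playground\test-npm> npm audit fix` line shows the prompt being captured elsewhere in the same file. Add the invoking command at the top so the 67-package install and its `3 high severity vulnerabilities` result can be reproduced and tied to a specific package request.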