Navigation

    SmartAPI Forum
    • Register
    • Login
    • Search
    • Categories
    • Popular
    • Groups
    • FAQs
    • API Docs

    not able to "npm install smartapi-javascript"

    Bugs
    0
    1
    1
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      Punith last edited by

      i am getting this vulnerabilities message, plz help me solvve this.i just pasted the complete install and audit fix output.

      PS C:\Users\PC\Desktop\alldesktop\Stock Market\JAVA SDK> npm install smartapi-javascript

      56 packages are looking for funding
      run npm fund for details

      7 vulnerabilities (2 moderate, 5 high)

      To address issues that do not require attention, run:
      npm audit fix

      Some issues need review, and may require choosing
      a different dependency.

      Run npm audit for details.
      PS C:\Users\PC\Desktop\alldesktop\Stock Market\JAVA SDK> npm audit fix

      up to date, audited 406 packages in 3s

      56 packages are looking for funding
      run npm fund for details

      npm audit report

      axios <=0.27.2
      Severity: high
      Axios vulnerable to Server-Side Request Forgery - https://github.com/advisories/GHSA-4w2v-q235-vp99
      axios Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
      Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
      No fix available
      node_modules/smartapi-javascript/node_modules/axios
      smartapi-javascript *
      Depends on vulnerable versions of axios
      Depends on vulnerable versions of public-ip
      Depends on vulnerable versions of sinon
      node_modules/smartapi-javascript

      got <11.8.5
      Severity: moderate
      Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
      fix available via npm audit fix
      node_modules/got
      public-ip 2.1.0 - 4.0.4
      Depends on vulnerable versions of got
      node_modules/public-ip

      path-to-regexp 0.2.0 - 7.2.0
      Severity: high
      path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
      No fix available
      node_modules/nise/node_modules/path-to-regexp
      nise *
      Depends on vulnerable versions of path-to-regexp
      node_modules/nise
      sinon >=3.0.0
      Depends on vulnerable versions of nise
      node_modules/sinon

      7 vulnerabilities (2 moderate, 5 high)

      To address issues that do not require attention, run:
      npm audit fix

      Some issues need review, and may require choosing
      a different dependency.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post