not able to "npm install smartapi-javascript"
I am getting this vulnerabilities message, please help me solve this. I just pasted the complete install and audit fix output.
PS C:\Users\PC\Desktop\alldesktop\Stock Market\JAVA SDK> npm install smartapi-javascript
56 packages are looking for funding
run npm fund for details
7 vulnerabilities (2 moderate, 5 high)
To address issues that do not require attention, run:
npm audit fix
Some issues need review, and may require choosing
a different dependency.
Run npm audit for details.
PS C:\Users\PC\Desktop\alldesktop\Stock Market\JAVA SDK> npm audit fix
up to date, audited 406 packages in 3s
56 packages are looking for funding
run npm fund for details
npm audit report
axios <=0.27.2
Severity: high
Axios vulnerable to Server-Side Request Forgery - https://github.com/advisories/GHSA-4w2v-q235-vp99
axios Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
No fix available
node_modules/smartapi-javascript/node_modules/axios
smartapi-javascript *
Depends on vulnerable versions of axios
Depends on vulnerable versions of public-ip
Depends on vulnerable versions of sinon
node_modules/smartapi-javascript
got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via npm audit fix
node_modules/got
public-ip 2.1.0 - 4.0.4
Depends on vulnerable versions of got
node_modules/public-ip
path-to-regexp 0.2.0 - 7.2.0
Severity: high
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
No fix available
node_modules/nise/node_modules/path-to-regexp
nise *
Depends on vulnerable versions of path-to-regexp
node_modules/nise
sinon >=3.0.0
Depends on vulnerable versions of nise
node_modules/sinon
7 vulnerabilities (2 moderate, 5 high)
To address issues that do not require attention, run:
npm audit fix
Some issues need review, and may require choosing
a different dependency.