Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
AlgoRythm50923214dIt sounds like an average nodejs / javascript job, so, you're going to kill yourself within the month.
-
IHateForALiving2806214dnpm is very trigger happy when it comes about warnings. Run npm audit fix if it bothers you, or ignore them otherwise.
-
IHateForALiving2806213d@jestdotty someone built the project with dependency vX.Y.Z, that's what you download.
Then a vulnerability is discovered later and a patch is released, you download the project and install the dependencies the project is supposed to run with.
NPM realizes some of those dependencies have vulnerabilities, shows you a warning.
But NPM is not going to change your project by its own will and risk breaking behavior you have already accounted for; updating dependencies is always a risk and it's something you consciously decide, not something that just so happens out of nowhere.
Related Rants
Holy heavens! I'm gonna work with a js framework at my day job.
After installing nodejs I'm immediately greeted by a warning that something is somehow broken. Installing the packages for the barebones repo leads to hundreds of dependencies and vulnerability warnings. I don't even know anything beyond document.getElementById().
On a scale of 1 to Squidward Tentacles, how much am I gonna hate my job?
rant
js
react