npm showing severity vulnerabilities Laravel in ubuntu 18.04 LTS - laravel

Running the command npm install laravel-mix cross-env --save-dev from the web/themes/custom/cp_bootstrap4 directory, npm shows a severity vulnerability (Laravel on Ubuntu 18.04 LTS):
added 744 packages from 474 contributors and audited 745 packages in 90.492s
found 1 moderate severity vulnerability
I have tried the commands
1. npm audit fix
2. npm audit fix --force
but the 1 severity vulnerability is not solved.
Output of the above command:
npm audit security report
Manual Review
Some vulnerabilities require your attention to resolve
Moderate file-type vulnerable to Infinite Loop via malformed MKV file
Package file-type
Patched in >=16.5.4
Dependency of laravel-mix [dev]
Path laravel-mix > imagemin > file-type
My sub-theme package.json:
{
  "name": "cp_bootstrap4",
  "version": "1.0.0",
  "description": "[Bootstrap 4](https://www.drupal.org/project/bootstrap4) subtheme.",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "devDependencies": {
    "cross-env": "^7.0.3",
    "laravel-mix": "^6.0.49"
  }
}
Please suggest how to resolve this issue!

Try adding an override to your package.json, which means it will replace a package in your dependency tree with another version.
The package that has vulnerabilities is file-type, but npm says that you have to update the dependent package (package > dependent-package > package-with-vulnerabilities), so you will have to update imagemin.
It seems that laravel-mix has not fixed this issue, but the solution already exists.
Check this URL: https://snyk.io/test/npm/laravel-mix/6.0.20#SNYK-JS-FILETYPE-2958042
Try this code in your package.json:
{
  "name": "cp_bootstrap4",
  "version": "1.0.0",
  "description": "[Bootstrap 4](https://www.drupal.org/project/bootstrap4) subtheme.",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "devDependencies": {
    "cross-env": "^7.0.3",
    "laravel-mix": "^6.0.49"
  },
  "overrides": {
    "laravel-mix": {
      "imagemin": "^8.0.1"
    }
  }
}

Related

Yarn install loops itself

I get yarn loops when starting my server.
>Console Listener setup OK
>Started map fivem-map-hipster
>Started resource fivem-map-hipster
>[yarn] yarn install v1.22.5
>[yarn] [1/4] Resolving packages...
and then it loops and tries to resolve the package again.
My package.json looks like this:
{
  "name": "webpack-builder",
  "version": "1.0.1",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "async": "^3.1.0",
    "webpack": "^4.41.2",
    "worker-farm": "^1.7.0"
  }
}
What am I missing?

while deploying my project to heroku i am getting error Cannot find module '/app/server.js'

As you can see from the error, I have declared everything correctly but I am still getting this error. My server.js file is present inside the backend folder.
My package.json:
{
  "name": "mern",
  "version": "1.0.0",
  "description": "MERN Develeopment",
  "main": "server.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1",
    "start": "nodemon backend/server.js",
    "client": "npm start --prefix frontend",
    "heroku-postbuild": "NPM_CONFIG_PRODUCTION=false npm install --prefix frontend"
  },
  "author": "Rahul Kumar",
  "license": "ISC",
  "dependencies": {
    "bcryptjs": "^2.4.3",
    "dotenv": "^16.0.1",
    "express": "^4.18.1",
    "express-async-handler": "^1.2.0",
    "jsonwebtoken": "^8.5.1",
    "mongoose": "^5.13.15",
    "nodemon": "^2.0.19"
  }
}
Procfile - web:node backend/server.js
Anybody, please help with this.

Why is Tailwind's build command not working?

I'm a beginner and just learning Tailwind, so I made a project and pushed it to GitHub. Unfortunately, I added style.css to my git ignore file and it wasn't pushed to GitHub. Tailwind works in my HTML files and also in my src/style.css file, and this should compress into public/style.css. This is no problem, I thought.
I don't have the project on my hard drive, so I cloned the repo from GitHub and tried to build it again, to automatically create a style.css file. However, when I try to build with the command below, it's throwing this error:
npm run build -p
What is the issue, and what should I do now ?
My package file:
{
  "name": "project-1",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "build": "tailwindcss -i ./src/tailwind.css -o ./public/style.css -w",
    "build-p" : "postcss ./src/tailwind.css -o ./public/style.css -w"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "devDependencies": {
    "autoprefixer": "^10.4.0",
    "postcss": "^8.4.5",
    "tailwindcss": "^3.0.6"
  }
}
You are missing the npx in front of your build command, as tailwindcss is not an executable.
Add npx at the start of your build command in your package.json to resolve this issue.
Here is an example based on your provided screenshot:
{
  "name": "project-1",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "build": "npx tailwindcss -i ./src/tailwind.css -o ./public/style.css --watch",
    "build-p": "postcss ./src/tailwind.css -o ./public/style.css --watch"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "devDependencies": {
    "autoprefixer": "^10.4.0",
    "postcss": "^8.4.5",
    "tailwindcss": "^3.0.6"
  }
}
The executable's name for local installations is actually tailwind, not tailwindcss:
"scripts": {
"build": "tailwind -i ./src/tailwind.css -o ./public/style.css -w",
^^--- replaced tailwindcss with tailwind
The code above assumes you have tailwindcss in your dependencies, e.g.:
"devDependencies": {
"tailwindcss": "^3.2.1"
and have installed them (npm install).

Deploying Preact to Heroku

I've written a pretty simple app in Preact. No back end server, just front-end calling a web API and displaying the results.
I set it up on Heroku and it reports that it deployed successfully, but trying to access the app fails right out the gate:
2020-09-14T02:10:11.845503+00:00 heroku[web.1]: Starting process with command `npm start`
2020-09-14T02:10:14.403769+00:00 app[web.1]: npm ERR! missing script: start
How should I [define a start script to] make this work?
In development I run yarn dev like the Preact docs suggest. My guess is that's just a dev server though.
FWIW, here's my package.json:
{
  "private": true,
  "name": "clips-preact",
  "version": "0.0.0",
  "license": "MIT",
  "scripts": {
    "build": "preact build",
    "serve": "sirv build --port 8080 --cors --single",
    "dev": "preact watch",
    "lint": "eslint src"
  },
  "eslintConfig": {
    "extends": "eslint-config-synacor"
  },
  "eslintIgnore": [
    "build/*"
  ],
  "devDependencies": {
    "eslint": "^6.0.1",
    "eslint-config-synacor": "^3.0.4",
    "preact-cli": "^3.0.0",
    "sirv-cli": "^1.0.3"
  },
  "dependencies": {
    "axios": "^0.20.0",
    "preact": "^10.1.0",
    "preact-render-to-string": "^5.1.2",
    "recoil": "^0.0.10"
  }
}
I'm late, but to anyone who comes across this, you shouldn't be running a separate server at all.
Preact CLI builds to static output. Just point your webserver (nginx, apache) at the directory and let it handle serving the files.
Give this a try:
{
"private": true,
"name": "clips-preact",
"version": "0.0.0",
"license": "MIT",
"scripts": {
"build": "preact build",
"serve": "sirv build --port 8080 --cors --single",
"dev": "preact watch",
"lint": "eslint src",
// Your file name ↓ make sure to remove this comment before you go.
"start": "node index.js"
}
You have to add "start" inside the "scripts" area; then, as when running your script, type "node your_file_name". This will make the "npm start" command run the "node your_file_name" command.

Why I'm not able to run npm scripts? [duplicate]

I was running an Electron project, and everything worked just fine. But now when I run any of the scripts in my package.json (including npm start), it just escapes a line and doesn't do anything.
My package.json:
{
  "name": "interclip-desktop",
  "version": "0.0.7",
  "description": "Interclip for desktop",
  "repository": "https://github.com/aperta-principium/Interclip-desktop",
  "main": "main.js",
  "scripts": {
    "start": "electron .",
    "package-mac": "electron-packager . --overwrite --asar=true --platform=darwin --arch=x64 --icon=assets/icons/mac/icon.icns --prune=true --out=release-builds",
    "package-win": "electron-packager . Interclip --overwrite --platform=win32 --arch=ia32 --icon=assets/icons/win/icon.ico --prune=true --out=release-builds --version-string.CompanyName=CE --version-string.FileDescription=CE --version-string.ProductName=\"Interclip\"",
    "package-linux": "electron-packager . Interclip --overwrite --asar=true --platform=linux --arch=x64 --icon=assets/icons/png/icon.png --prune=true --out=release-builds",
    "win-install": "node installers/windows/createinstaller.js",
    "postinstall": "electron-builder install-app-deps",
    "build": "electron-builder --linux",
    "release": "electron-builder --linux --publish always"
  },
  "keywords": [
    "Desktop",
    "Interclip"
  ],
  "author": "Filip Troníček",
  "license": "MIT",
  "devDependencies": {
    "electron": "^7.1.2",
    "electron-builder": "^22.1.0",
    "electron-installer-dmg": "^3.0.0",
    "electron-packager": "^14.1.1",
    "electron-reload": "^1.5.0",
    "electron-winstaller": "^4.0.0"
  },
  "dependencies": {
    "axios": "^0.19.0",
    "mousetrap": "^1.6.3"
  },
  "build": {
    "appId": "com.aperta-principium.interclip",
    "productName": "Interclip",
    "mac": {
      "category": "public.app-category.utilities"
    },
    "dmg": {
      "icon": false
    },
    "linux": {
      "target": [
        "AppImage"
      ],
      "category": "Utility"
    }
  }
}
I tried updating NPM; it didn't work. When I tried in different projects, it also doesn't work.
Thanks in advance
npm has an ignore-scripts configuration key. Its expected value is a Boolean and it's set to false by default.
Perhaps it has inadvertently been set to true.
To get/set the ignore-scripts configuration you can utilize the npm-config command:
Check its current setting by running:
npm config get ignore-scripts
If the aforementioned command returns true then reset it to false by running:
npm config set ignore-scripts false
If you are using an integrated terminal (such as the VS Code integrated terminal), try running your "npm run dev" command from your PowerShell (or cmd) terminal. This error arises as a result of your integrated terminal not recognizing your command (especially if you created your app with a git bash terminal).
Try this, and I hope it helps someone cause it always works for me. Cheers!!!
