On a Win10 machine, I am trying to set VS code as an external editor for Google Sheets scripts. Following this post I followed this video I installed npm. Not sure exactly what npm if for, however after installing I get some security issues. Installation output log:
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.3 (node_modules\watchpack\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.11 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.11: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
added 1037 packages from 459 contributors and audited 1109 packages in 71.081s
found 3 low severity vulnerabilities
run `npm audit fix` to fix them, or `npm audit` for details
executing npm audit as suggested output the following:
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Low Prototype Pollution
Package minimist
Patched in >=0.2.1 <1.0.0 || >=1.2.3
Dependency of webpack [dev]
Path webpack > watchpack > watchpack-chokidar2 > chokidar >
fsevents > node-pre-gyp > mkdirp > minimist
More info https://npmjs.com/advisories/1179
Low Prototype Pollution
Package minimist
Patched in >=0.2.1 <1.0.0 || >=1.2.3
Dependency of webpack [dev]
Path webpack > watchpack > watchpack-chokidar2 > chokidar >
fsevents > node-pre-gyp > tar > mkdirp > minimist
More info https://npmjs.com/advisories/1179
Low Prototype Pollution
Package minimist
Patched in >=0.2.1 <1.0.0 || >=1.2.3
Dependency of webpack [dev]
Path webpack > watchpack > watchpack-chokidar2 > chokidar >
fsevents > node-pre-gyp > rc > minimist
More info https://npmjs.com/advisories/1179
found 3 low severity vulnerabilities in 1109 scanned packages
3 vulnerabilities require manual review. See the full report for details.
npm audit fix fails to fix the issues:
npm WARN inquirer-autocomplete-prompt@1.0.1 requires a peer of inquirer@^5.0.0 || ^6.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.3 (node_modules\watchpack\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.11 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.11: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
up to date in 19.198s
fixed 0 of 3 vulnerabilities in 1109 scanned packages
3 vulnerabilities required manual review and could not be updated
npm site describes a bit this issue.
executing npm version reports :
{ 'apps-script-starter': '4.20.0',
npm: '6.9.0',
ares: '1.15.0',
brotli: '1.0.7',
cldr: '35.1',
http_parser: '2.8.0',
icu: '64.2',
modules: '64',
napi: '4',
nghttp2: '1.39.2',
node: '10.16.3',
openssl: '1.1.1c',
tz: '2019a',
unicode: '12.1',
uv: '1.28.0',
v8: '6.8.275.32-node.54',
zlib: '1.2.11' }
Question: What should I do to fix it, if at all?
