1

I was getting an error from Github about ansi-html vuanrablity. I ran an npm update on my local install, and it said that there was no fix for it. The only thing I could find about how to fix this is this link. Uncontrolled Resource Consumption in ansi-html

However, when following these instructions I then got a high severity warning that says "87 packages are looking for funding run npm fund for details". I do that and a list of URLs is revealed. It also says to run npm audit which returns "*Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9*" Any help on how to resolve this would be appreciated.

MSC
  • 55
  • 7
  • so, uhm... what was the "not supported" error? you mentioned the "fund" notice, which isn't an error or a warning, and an audit notice that pointed out a vulnerability that the library authors haven't resolved... I mean, you could fix it for them and submit a pull request? – Kevin B Oct 28 '21 at 21:01

1 Answers1

1

The funding message is unrelated. This is a unique case in that the maintainers for ansi-html are inactive so you will need to resolve to another package called ansi-html-community.

To fix the vulnerability for ansi-html you will need to use npm-force-resolutions as described here:

https://stackoverflow.com/a/69591894/12649786

Justin Dehorty
  • 1,383
  • 1
  • 15
  • 26
  • I did this and I still get an error. I would have put the comment on the post you referred to, but I cannot comment on that one. My terminal is saying `Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9 No fix available node_modules/ansi-html`what that means. – MSC Nov 01 '21 at 14:21