I am using Sublime Text. I have installed the Linter package and the csslint and htmllint. To install the last two I have had to install Node.js on my Mac.

The CSS and HTML linters appear to work fine in Sublime.

However, when I installed the htmllint by typing the following into Terminal

sudo npm install -g htmlhint@latest

I get the following worrying message in Terminal:

[screenshot]

In Terminal I’ve typed in and pressed enter:

npm audit fix --force

I get the following

[screenshot]

When I installed Node I got the following message, which I don’t understand and have not done anything with. Is this connected with the vulnerabilities? And if so, what do I do?

[screenshot]

Help!

user2991837

2 Answers


There is no vulnerability report for NodeJS. The vulnerability report is for the installed package htmlhint@latest. Keep in mind, you will get a report of well-known vulnerabilities for all the packages in your scope every time you install a new one.

If you want to know more about these vulnerabilities, run npm audit without the fix command. Contact the package maintainer in order to get an update.

Diesan Romero
  • I've run an audit. It says the same as the second screen grab above. So I need to contact the person who maintains the packages? – user2991837 Mar 08 '22 at 16:23
  • There is information about who maintains the package if you use the npm info command. You can contact them directly or see if there is a topic in the GitHub issues section about it. – Diesan Romero Mar 08 '22 at 16:29

The package you installed has vulnerabilities. The maintainers need to update it or it will stay like this. You could of course update their dependency list but stuff might break!

Pukima
  • How serious a problem is this? Can I ignore it and continue to use these installed packages, or should I try and delete them? – user2991837 Mar 08 '22 at 16:27
  • @user2991837 Whether you want to use it or remove it is up to you. How serious the vulnerability is, you can only see if you use npm audit. It will always be up to you. – Diesan Romero Mar 08 '22 at 16:32
  • The npm audit says: code ENOLOCK npm ERR! audit This command requires an existing lockfile. npm ERR! audit Try creating one first with: npm i --package-lock-only npm ERR! audit Original error: loadVirtual requires existing shrinkwrap file I have no idea what any of this means. And what is a vulnerability?? What could happen? – user2991837 Mar 08 '22 at 16:39
  • @user2991837 you should find information about that module in npmjs.com or contact the maintainer. – Diesan Romero Mar 08 '22 at 17:13
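
The answers above point to npm audit as the place to see how serious a finding is. The following is an added example, not code from any poster in this thread: it reads a report in the layout that `npm audit --json` produces on npm 7 and later, and lists each finding by severity, where it comes from, and whether a fix exists. The sample report, including every package name, advisory title and URL in it, is constructed for illustration.

```javascript
// Added example: summarise an `npm audit --json` report (npm 7+, auditReportVersion 2).
const SEVERITY_ORDER = ['critical', 'high', 'moderate', 'low', 'info'];
// Constructed sample report: package names, advisory titles and URLs are placeholders.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-linter': {
      name: 'example-linter', severity: 'high', isDirect: true,
      via: ['example-parser'], // vulnerable only through a dependency
      fixAvailable: { name: 'example-linter', version: '2.0.0', isSemVerMajor: true },
    },
    'example-parser': {
      name: 'example-parser', severity: 'high', isDirect: false,
      via: [{ title: 'Placeholder advisory A', severity: 'high',
              url: 'https://example.invalid/advisory/a', range: '<1.4.2' }],
      fixAvailable: { name: 'example-linter', version: '2.0.0', isSemVerMajor: true },
    },
    'example-util': {
      name: 'example-util', severity: 'low', isDirect: false,
      via: [{ title: 'Placeholder advisory B', severity: 'low',
              url: 'https://example.invalid/advisory/b', range: '<0.3.0' }],
      fixAvailable: false, // no fixed release exists yet
    },
  },
};

function describeFix(fixAvailable) {
  if (fixAvailable === true) return 'npm audit fix';
  if (fixAvailable && typeof fixAvailable === 'object') {
    const target = `${fixAvailable.name}@${fixAvailable.version}`;
    return fixAvailable.isSemVerMajor ? `${target} (breaking change, needs --force)` : target;
  }
  return 'none published';
}

function summariseAudit(report) {
  const findings = Object.values(report.vulnerabilities || {}).map((v) => ({
    name: v.name, severity: v.severity, direct: Boolean(v.isDirect),
    // `via` holds advisory objects, or names of other vulnerable packages.
    advisories: (v.via || []).filter((x) => typeof x === 'object').map((x) => x.title),
    inheritedFrom: (v.via || []).filter((x) => typeof x === 'string'),
    fix: describeFix(v.fixAvailable),
  }));
  const rank = (s) => SEVERITY_ORDER.indexOf(s);
  findings.sort((a, b) => rank(a.severity) - rank(b.severity));
  return { worst: findings.length ? findings[0].severity : 'none', findings };
}

console.log(JSON.stringify(summariseAudit(SAMPLE_REPORT), null, 2));
```

To use it on a real report, pass the parsed output of `npm audit --json` run in a folder that has a lockfile; the ENOLOCK message quoted above names the command that creates one.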