How to fix gulp vulnerabilities problem?
Initially, when I installed the gulp-cli plugin, I got 23 high vulnerabilities. I decided to do a little investigation into this event. I suspect that the problem is updating npm packages. I tried to fix this problem, but I really could not do anything. The collector itself, gulp, is fully functional without any problems. I just want to understand what could go wrong.
I do not pretend to be the ultimate truth, but from my experience it follows:
Gulp has not been updated for a long time; you can see it on the npm website. It is unlikely that this issue of vulnerabilities is somehow solved. This is not the first time I have come across a similar story, not only with gulp. Previously, there was no such number of vulnerabilities; they appear over time, when the package stops being updated. Here it depends on vulnerable, also outdated versions of other packages. In short, the usual version incompatibility and lack of up-to-date package support. This question, as far as I can tell, should be decided by the developers of the package.
npm audit fix --force
installs new versions of dependencies, and this really solves the issue with a small number of vulnerabilities.
But in the case of gulp, I installed it the other day - there were no fewer vulnerabilities, but some of the high ones turned into critical ones))
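An added example, not part of the answer above: one way to see what `npm audit fix --force` would actually change is to triage the output of `npm audit --json` before running it. The sketch assumes the report layout produced by npm 7 and later (`vulnerabilities`, `isDirect`, `fixAvailable`); the package names and versions in the sample are constructed, not real gulp audit output.

```javascript
// Constructed sample in the shape of `npm audit --json` (report version 2, npm 7+).
// Package names and versions are hypothetical placeholders.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "build-tool": {
      name: "build-tool", severity: "high", isDirect: true,
      via: ["glob-helper"], effects: [],
      fixAvailable: { name: "build-tool", version: "5.0.0", isSemVerMajor: true },
    },
    "glob-helper": {
      name: "glob-helper", severity: "high", isDirect: false,
      via: [{ title: "Regular expression denial of service", severity: "high" }],
      effects: ["build-tool"],
      fixAvailable: { name: "build-tool", version: "5.0.0", isSemVerMajor: true },
    },
    "tmpl-lib": {
      name: "tmpl-lib", severity: "critical", isDirect: false,
      via: [{ title: "Prototype pollution", severity: "critical" }],
      effects: [], fixAvailable: false,
    },
    "yaml-parse": {
      name: "yaml-parse", severity: "moderate", isDirect: false,
      via: [{ title: "Uncontrolled resource consumption", severity: "moderate" }],
      effects: [], fixAvailable: true,
    },
  },
};

// Group each vulnerable package by what it would take to fix it.
function triageAudit(report) {
  const out = { safeFix: [], needsForce: [], noFix: [], transitive: 0 };
  for (const v of Object.values(report.vulnerabilities || {})) {
    if (!v.isDirect) out.transitive += 1; // pulled in by another package
    const entry = `${v.name} (${v.severity})`;
    const fix = v.fixAvailable;
    if (fix === true) {
      out.safeFix.push(entry); // plain `npm audit fix` stays within declared ranges
    } else if (fix && typeof fix === "object") {
      // Only `--force` applies this: a top-level dependency leaves its declared range.
      const note = fix.isSemVerMajor ? " (breaking)" : "";
      out.needsForce.push(`${entry} -> ${fix.name}@${fix.version}${note}`);
    } else {
      out.noFix.push(entry); // nothing published upstream resolves it
    }
  }
  return out;
}

console.log(triageAudit(sampleReport));
```

Entries under `noFix` are the ones no npm command can clear; they remain until the maintainers of the affected packages publish patched versions.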