-
-
Notifications
You must be signed in to change notification settings - Fork 603
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
node-static package is vulnerable,How to bypass this dependency #4330
Comments
You can ping https://github.com/fqueze/usb-power-profiling and ask them to fix the dependency, then I can upgrade to the new version in Browsertime. |
@fqueze @gmierz @canova @gw3583 @#5julienw. Please see the above comments from @soulgalore. Can you help fixing the dependency (node- static) package |
usb-power-profiling 1.5.0 no longer depends on node-static. |
@soulgalore. usb-power-profiling contributors has replaced node-static package with serve-handler. Can you help with the new version of browertime. |
This is fixed in #4336 - let me do a sitespeed.io release later tonight. |
Your question
node-static is dependent package for sitespeed /browsertime. But node-static is considered highly vulnerable, and our organization is not allowing us to download this dependency. Please refer the package health score from the URL below.
https://snyk.io/advisor/npm-package/node-static?_gl=1*158ie5y*_gcl_au*MjI0NDY2MTE0LjE3MzM1MTA3NzQ.*_ga*MTc1MjA5NDMyNi4xNzMzNTEwNzYw*_ga_X9SH3KP7B4*MTczMzUxMDc2My4xLjEuMTczMzUxMDc3NC4wLjAuMA..
and Due to this we are not able to install it via NPM install command. Refer the exception . Is there a way to bypass the dependency and proceed.
X:>npm install -g sitespeed.io@35.2.0
npm error code E404
npm error 404 Not Found - GET https://XXX-nprepo.XXX.com/artifactory/api/npm/fm-npm-auto-local/node-static
npm error 404
npm error 404 'node-static@^0.7.11' is not in this registry.
npm error 404
npm error 404 Note that you can also install from a
npm error 404 tarball, folder, http url, or git url.
The text was updated successfully, but these errors were encountered: