Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. App Packaging & Development
  3. Cloudron CLI : warning on update

Cloudron CLI : warning on update

Scheduled Pinned Locked Moved App Packaging & Development
5 Posts 4 Posters 481 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • timconsidineT Offline
    timconsidineT Offline
    timconsidine App Dev
    wrote on last edited by
    #1

    Just updated my Cloudron CLI install and saw this :

    $ npm install -g cloudron@4.15.3

added 2 packages, removed 1 package, changed 115 packages, and audited 118 packages in 6s

1 high severity vulnerability

    Does it matter ? Is it really a high severity vulnerability ?

    1 Reply Last reply
    0
    • nebulonN Away
      nebulonN Away
      nebulon Staff
      wrote on last edited by
      #2

      Generally since this is just a commandline tool, those warnings mostly do not apply at all. Those affected modules are in this case not used in any daemon or code exposed to the public. We still update dependencies of course accordingly where we see fit.

      timconsidineT 1 Reply Last reply
      1
      • timconsidineT Offline
        timconsidineT Offline
        timconsidine App Dev
        replied to nebulon on last edited by
        #3

        @nebulon 👍 no rush, no problem

        micmcM 1 Reply Last reply
        0
        • girishG Offline
          girishG Offline
          girish Staff
          wrote on last edited by
          #4

          See https://overreacted.io/npm-audit-broken-by-design/ and https://news.ycombinator.com/item?id=27761334 on this topic.

          1 Reply Last reply
          2
          • micmcM Offline
            micmcM Offline
            micmc
            replied to timconsidine on last edited by
            #5

            @timconsidine said in Cloudron CLI : warning on update:

            @nebulon 👍 no rush, no problem

            Try I too get the same thing, but then try 'npm audit' you should see "found 0 vulnerabilities". 🙂

            Ignorance is not an excuse anymore!
            https://AutomateKit.com

            1 Reply Last reply
            1

            • Login
            • Don't have an account? Register
            • Login or register to search.
            • First post
              Last post
            0
            • Categories
            • Recent
            • Tags
            • Popular
            • Bookmarks
            • Search