1

I am using Sublime Text. I have installed the Linter package and the csslint and htmllint. To install the last two I have had to install Node.js on my Mac.

The CSS and HTML linters appear to work fine in Sublime.

However, when I installed the htmllint by typing the following into Terminal

sudo npm install -g htmlhint@latest

I get the following worrying message in Terminal:

enter image description here

In Terminal I’ve typed in and pressed enter:

npm audit fix --force

I get the following

enter image description here

When I installed Node I got the following message, which I don’t understand and have not done anything with. Is this connected with the vulnerabilities? And if so, what do I do?

enter image description here

Help!

asked Mar 8, 2022 at 16:12
2
  • See also What does "npm audit fix" exactly do? Commented Mar 8, 2022 at 16:14
  • What does this have to do with Sublime Text? Commented Mar 8, 2022 at 18:43

2 Answers

2

The package you installed has vulnerabilities. The maintainers need to update it or it will stay like this. You could of course update their dependency list but stuff might break!

answered Mar 8, 2022 at 16:15

4 Comments

How serious a problem is this? Can I ignore it and continue to use these installed packages, or should I try and delete them?
@user2991837 Whether you want to use it or remove it is up to you. How serious the vulnerability is, you can only see if you use npm audit. It will always be up to you.
The npm audit says: code ENOLOCK npm ERR! audit This command requires an existing lockfile. npm ERR! audit Try creating one first with: npm i --package-lock-only npm ERR! audit Original error: loadVirtual requires existing shrinkwrap file I have no idea what any of this means. And what is a vulnerability?? What could happen?
@user2991837 You should find information about that module on npmjs.com or contact the maintainer.
2

There is no vulnerability report for NodeJS. The vulnerability report is for the installed package htmlhint@latest. Keep in mind, you will get a well-known vulnerability report of all your scope packages every time you install a new one.

If you want to know more about these vulnerabilities, run npm audit without the fix command. Contact the package maintainer in order to get an update.

answered Mar 8, 2022 at 16:15

2 Comments

I've run an audit. It says the same as the second screen grab above. So I need to contact the person who maintains the packages?
There is information about who maintains the package if you use the npm info <package> command. You can contact them directly or see if there is a topic in the GitHub issues section about it.
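
The answers above separate fixes you can apply yourself from ones that wait on the maintainer. As an added example (not part of the original thread), this Node.js script sorts the output of `npm audit --json` into those cases; it assumes the npm 7+ report format, and the sample report with its package names is constructed.

```javascript
// Added example: triage the JSON printed by `npm audit --json` (npm 7+ report format).
// SAMPLE_REPORT is constructed; its package names and advisories are made up.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": {
      name: "example-parser", severity: "high", isDirect: false,
      via: [{ title: "Constructed advisory A", severity: "high" }],
      fixAvailable: true,
    },
    "example-cli": {
      name: "example-cli", severity: "moderate", isDirect: true,
      via: ["example-parser"],
      fixAvailable: { name: "example-cli", version: "3.0.0", isSemVerMajor: true },
    },
    "example-legacy": {
      name: "example-legacy", severity: "critical", isDirect: false,
      via: [{ title: "Constructed advisory B", severity: "critical" }],
      fixAvailable: false,
    },
  },
};

const SEVERITY_ORDER = ["critical", "high", "moderate", "low", "info"];

// Sort every vulnerable package into the action it needs.
function triage(report) {
  const buckets = { auditFix: [], forceFix: [], noFix: [] };
  for (const v of Object.values(report.vulnerabilities || {})) {
    // `via` mixes advisory objects with plain names of other vulnerable packages.
    const advisories = (v.via || []).filter((x) => typeof x === "object").map((x) => x.title);
    const entry = { name: v.name, severity: v.severity, direct: v.isDirect, advisories };
    if (v.fixAvailable === true) {
      buckets.auditFix.push(entry); // in-range update: plain `npm audit fix`
    } else if (v.fixAvailable) {
      // Fix lies outside the declared range: only `npm audit fix --force` applies it.
      const { name, version, isSemVerMajor } = v.fixAvailable;
      buckets.forceFix.push({ ...entry, installs: `${name}@${version}`, breaking: isSemVerMajor });
    } else {
      buckets.noFix.push(entry); // nothing published yet: wait for the maintainer
    }
  }
  const rank = (e) => SEVERITY_ORDER.indexOf(e.severity);
  Object.values(buckets).forEach((list) => list.sort((a, b) => rank(a) - rank(b)));
  return buckets;
}

console.log(JSON.stringify(triage(SAMPLE_REPORT), null, 2));
```

To get a real report for a tool that was installed globally, run `npm i --package-lock-only` in a scratch project that lists the tool as a dependency, then `npm audit --json` there.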
