SAO instalation errors

AlbertAE · February 3, 2023, 12:34pm

npm install --legacy-peer-deps
npm audit fix --force

When finish to npm appers this errors

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/tap/node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerabilit- https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/tap/node_modules/minimatch

minimist  <1.2.6
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/tap/node_modules/minimist

underscore  1.3.2 - 1.12.0
Severity: critical
Arbitrary Code Execution in underscore - https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
fix available via `npm audit fix`
node_modules/underscore
  nomnom  >=1.6.0
  Depends on vulnerable versions of underscore
  node_modules/nomnom
    po2json  0.3.1 - 0.4.5
    Depends on vulnerable versions of nomnom
    node_modules/po2json

6 vulnerabilities (2 high, 4 critical)

ced · February 3, 2023, 3:46pm

Those are warnings for the build tools that are not part of the runtime of sao.
So you can just ignore them or try to contribute to those projects to publish a version without the vulnerabilities.