16
saucyatom
243d

Holy heavens! I'm gonna work with a js framework at my day job.

After installing nodejs I'm immediately greeted by a warning that something is somehow broken. Installing the packages for the barebones repo leads to hundreds of dependencies and vulnerability warnings. I don't even know anything beyond document.getElementById().

On a scale of 1 to Squidward Tentacles, how much am I gonna hate my job?

Comments
  • 6
  • 11
    You will quickly learn to ignore npm warnings.
  • 3
    and also all the donations spam
  • 2
    @jestdotty is looking for funding
  • 5
    It sounds like an average nodejs / javascript job, so, you're going to kill yourself within the month.
  • 0
    npm is very trigger happy when it comes about warnings. Run npm audit fix if it bothers you, or ignore them otherwise.
  • 0
    That depends on what framework?
  • 0
    @jestdotty someone built the project with dependency vX.Y.Z, that's what you download.

    Then a vulnerability is discovered later and a patch is released, you download the project and install the dependencies the project is supposed to run with.

    NPM realizes some of those dependencies have vulnerabilities, shows you a warning.

    But NPM is not going to change your project by its own will and risk breaking behavior you have already accounted for; updating dependencies is always a risk and it's something you consciously decide, not something that just so happens out of nowhere.
Add Comment