numerous security vulnerabilties, errors on starting app #4
Description
[stephen@family ~]$ rpm -qa | grep mongo
mongodb-server-2.6.12-6.el7.x86_64
[stephen@family ~]$ rpm -qa | grep node
nodesource-release-el7-1.noarch
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.7.x86_64
nodejs-10.9.0-1nodesource.x86_64
[stephen@family ~]$ git clone git://github.com/springerpe/uptime.git
Cloning into 'uptime'...
remote: Counting objects: 4123, done.
remote: Total 4123 (delta 4), reused 4 (delta 4), pack-reused 4118
Receiving objects: 100% (4123/4123), 2.15 MiB | 1.17 MiB/s, done.
Resolving deltas: 100% (1993/1993), done.
[stephen@family ~]$ cd uptime
[stephen@family uptime]$ ls
app CHANGELOG.md fig.yml LICENSE monitor.js README.md
app.js config fixtures makefile package.json test
bootstrap.js Dockerfile lib models plugins
[stephen@family uptime]$ npm install
npm WARN deprecated [email protected]: Critical security bugs fixed in 2.5.5
npm WARN deprecated [email protected]: All versions below 4.0.1 of Nodemailer are deprecated. See https://nodemailer.com/status/
npm WARN deprecated [email protected]: connect 2.x series is deprecated
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated [email protected]: This project is unmaintained
npm WARN deprecated [email protected]: Jade has been renamed to pug, please install the latest version of pug instead of jade
npm WARN deprecated [email protected]: Use uuid module instead
npm WARN deprecated [email protected]: This project is unmaintained
npm WARN deprecated [email protected]: The major version is no longer supported. Please update to 4.x or newer
npm WARN deprecated [email protected]: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated [email protected]: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated [email protected]: Please upgrade to 2.2.19 or higher
[email protected] install /home/stephen/uptime/node_modules/bson
(node-gyp rebuild 2> builderror.log) || (exit 0)
make: Entering directory /home/stephen/uptime/node_modules/bson/build' CXX(target) Release/obj.target/bson/ext/bson.o make: Leaving directory /home/stephen/uptime/node_modules/bson/build'
[email protected] install /home/stephen/uptime/node_modules/raw-socket
node-gyp rebuild
make: Entering directory /home/stephen/uptime/node_modules/raw-socket/build' CXX(target) Release/obj.target/raw/src/raw.o SOLINK_MODULE(target) Release/obj.target/raw.node COPY Release/raw.node make: Leaving directory /home/stephen/uptime/node_modules/raw-socket/build'
[email protected] install /home/stephen/uptime/node_modules/ws
(node-gyp rebuild 2> builderror.log) || (exit 0)
make: Entering directory /home/stephen/uptime/node_modules/ws/build' CXX(target) Release/obj.target/bufferutil/src/bufferutil.o make: Leaving directory /home/stephen/uptime/node_modules/ws/build'
npm notice created a lockfile as package-lock.json. You should commit this file.
added 171 packages from 195 contributors and audited 265 packages in 17.161s
found 47 vulnerabilities (9 low, 26 moderate, 10 high, 2 critical)
run npm audit fix to fix them, or npm audit for details
[stephen@family uptime]$ node app
/home/stephen/uptime/node_modules/socket.io/lib/store.js:35
Store.prototype.proto = EventEmitter.prototype;
^
TypeError: Cannot read property 'prototype' of undefined
at Object. (/home/stephen/uptime/node_modules/socket.io/lib/store.js:35:42)
at Module._compile (internal/modules/cjs/loader.js:689:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:700:10)
at Module.load (internal/modules/cjs/loader.js:599:32)
at tryModuleLoad (internal/modules/cjs/loader.js:538:12)
at Function.Module._load (internal/modules/cjs/loader.js:530:3)
at Module.require (internal/modules/cjs/loader.js:637:17)
at require (internal/modules/cjs/helpers.js:20:18)
at Object. (/home/stephen/uptime/node_modules/socket.io/lib/manager.js:16:13)
at Module._compile (internal/modules/cjs/loader.js:689:30)
[stephen@family uptime]$ sudo node app
[sudo] password for stephen:
/home/stephen/uptime/node_modules/socket.io/lib/store.js:35
Store.prototype.proto = EventEmitter.prototype;
^
TypeError: Cannot read property 'prototype' of undefined
at Object. (/home/stephen/uptime/node_modules/socket.io/lib/store.js:35:42)
at Module._compile (internal/modules/cjs/loader.js:689:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:700:10)
at Module.load (internal/modules/cjs/loader.js:599:32)
at tryModuleLoad (internal/modules/cjs/loader.js:538:12)
at Function.Module._load (internal/modules/cjs/loader.js:530:3)
at Module.require (internal/modules/cjs/loader.js:637:17)
at require (internal/modules/cjs/helpers.js:20:18)
at Object. (/home/stephen/uptime/node_modules/socket.io/lib/manager.js:16:13)
at Module._compile (internal/modules/cjs/loader.js:689:30)
[stephen@family uptime]$