Node-red-contrib-viseo-google-spreadsheet : scary warnings


npm install node-red-contrib-viseo-google-spreadsheet

Yields a bunch of scary warnings about deprecated dependencies and security warnings. Running npm audit afterwards gives me a long list of details that are above my current knowledge level. For instance,

│ High          │ Denial-of-Service Extended Event Loop Blocking 
│ Package       │ qs 
│ Patched in    │ >= 1.x
│ Dependency of │ node-red-contrib-viseo-google-spreadsheet 
│ Path          │ node-red-contrib-viseo-google-spreadsheet >  
│               │ node-red-viseo-helper > request > qs 
│ More info     │

I checked the advisory and then the repository and then ran npm install qs in the hopes that it would fix it. Restarted NR and re-ran npm audit and got the same result. Clearly there is something I should be doing but don't know how to do.

As a general question, when faced with security/deprecated warnings when installing a node, what is the process for ironing that out?

The Google spreadsheet node is installed and works well enough to tell me that I need to RTFM:

Missing VISEO Bot Maker key - Read the documentation.

Which I did and saw no mention of a Bot Maker key, nor do I see a place to enter it...

From their main repo: "VISEO Bot Maker is a framework built on top of Node-RED". I think that their nodes are designed to be used as part of a larger system.

I also note that they have a lot of open and unanswered issues.

However, whatever the case, you will need to raise an issue on GitHub asking them to update their dependencies.

1 Like

More info appears to be here:

There doesn't appear to be a resolution yet however even though that was raised in April.

1 Like

I actually started to raise an issue over on the VISEO repository to ask about this but I saw that there were lots of open questions so I thought I'd start here first. I'll finish my question and see what kind of response I get. I don't expect it will be quick or helpful.