After installing NR and the flow node-red-node-openweathermap 0.2.1
Node-RED Version: v1.0.3
Node.js Version: v12.16.1
Linux 4.19.79-v7+ arm LE
we got an npm audit error message which we are not able to fix.
What do we need to do?
npm audit fix does not work.
Installation process and error message
npm install node-red-node-openweathermap
npm WARN deprecated email@example.com: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN firstname.lastname@example.org No repository field.
npm WARN email@example.com No license field.
updated 1 package, moved 1 package and audited 1404 packages in 27.849s
1 package is looking for funding
npm fund for details
found 1 high severity vulnerability
npm audit fix to fix them, or
npm audit for details
sudo npm audit
=== npm audit security report === Manual Review Some vulnerabilities require your attention to resolve Visit https://go.npm.me/audit-guide for additional guidance
High │ Insufficient Entropy
Package │ cryptiles
Patched in │ >=4.1.2
Dependency of │ node-red-node-openweathermap
Path │ node-red-node-openweathermap > request > hawk > cryptiles
More info │ https://npmjs.com/advisories/1464
found 1 high severity vulnerability in 1404 scanned packages
1 vulnerability requires manual review. See the full report for details.