Skip to content

Bug: When installing Node AV npm says there are vulnerabilities #277

Description

@TKTK123456

Describe the Bug

When installing Node AV npm says there are vulnerabilities

To Reproduce

  1. Install it with npm

Expected Behavior

No vulnerabilities to pop up

Code Sample

Relevant Log Output / Error Messages

`ip  *
Severity: high
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix --force`
Will install node-av@3.0.6, which is a breaking change
node_modules/ip
  werift  *
  Depends on vulnerable versions of ip
  Depends on vulnerable versions of werift-ice
  node_modules/werift
    node-av  >=3.1.0
    Depends on vulnerable versions of werift
    node_modules/node-av
  werift-ice  *
  Depends on vulnerable versions of ip
  node_modules/werift-ice

4 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force
`

Node.js Version

v25.9.0

NodeAV Version

Latest? (Whatever npm installed)

Operating System

Linux mint

Installation Method

npm install

API Used

Both

Hardware Acceleration

None

Additional Context

This was well installation so neither api in particular
Maybe look at https://github.com/Zaptic/neoip

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions