Address 169 Security Vulnerabilities #42

@cschroedl-gov

Description

A recent npm audit found 169 vulnerabilities (22 low, 54 moderate, 72 high, 21 critical)

$ git clone git@github.com:sapessi/serverless-sam.git
Cloning into 'serverless-sam'...
remote: Enumerating objects: 179, done.
remote: Total 179 (delta 0), reused 0 (delta 0), pack-reused 179
Receiving objects: 100% (179/179), 46.07 KiB | 924.00 KiB/s, done.
Resolving deltas: 100% (104/104), done.
$ cd serverless-sam
$ node --version
v14.17.3
$ npm --version
6.14.13
$ npm install
npm WARN deprecated mkdirp@0.5.1: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated json3@3.3.2: Please use the native JSON object instead of JSON 3
npm WARN deprecated libcipm@1.6.3: This module is no longer used. Please see @npmcli/arborist if you would like to build and reify package trees programmatically.
npm WARN deprecated serverless@1.83.3: v1 is no longer maintained. To avoid security and functionality issues please upgrade to latest version
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated read-package-tree@5.3.1: The functionality that this package provided is now in @npmcli/arborist
npm WARN deprecated tar@2.2.2: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated socks@1.1.10: If using 2.x branch, please upgrade to at least 2.1.6 to avoid a serious bug with socket data flow and an import issue introduced in 2.1.0
npm WARN deprecated querystring@0.2.1: The
npm WARN deprecated formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated @types/chalk@2.2.0: This is a stub types definition for chalk (https://github.com/chalk/chalk). chalk provides its own type definitions, so you don't need @types/chalk installed!

> protobufjs@6.11.2 postinstall /home/cschroed/src/serverless-sam/node_modules/protobufjs
> node scripts/postinstall


> es5-ext@0.10.61 postinstall /home/cschroed/src/serverless-sam/node_modules/es5-ext
>  node -e "try{require('./_postinstall')}catch(e){}" || exit 0


> serverless@1.83.3 postinstall /home/cschroed/src/serverless-sam/node_modules/serverless
> node ./scripts/postinstall.js


   ┌───────────────────────────────────────────────────┐
   │                                                   │
   │   Serverless Framework successfully installed!    │
   │                                                   │
   │   To start your first project run 'serverless'.   │
   │                                                   │
   └───────────────────────────────────────────────────┘

npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@~2.3.2 (node_modules/chokidar/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.3.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

added 1332 packages from 1399 contributors and audited 1333 packages in 52.911s

28 packages are looking for funding
  run `npm fund` for details

found 169 vulnerabilities (22 low, 54 moderate, 72 high, 21 critical)
  run `npm audit fix` to fix them, or `npm audit` for details
