Comments (8)
Hi,
Please note that the release tarballs don't contain many of these, since they are just used with the test infrastructure.
Hence if you run a make install
when compiling from the source tarballs, they will also not be installed as well.
from arangodb.
Hi @dothebart,
The list of modules provided is from the /usr/share/arangodb3/js/node/package-lock.json
file of the packaged installation (not compiled from source).
Did I get it right, that this file may contain links to non-existing modules?
Is there any way to determine what modules of mentioned versions from the list above are really installed and used?
The reason I ask is: if a packaged ArangoDB installation really contains these mentioned modules with CRITICAL
or HIGH
severity at least, then we can't use it in production system due to security requirements.
from arangodb.
Yes, the json file is not the complete picture on the disk. /usr/share/arangodb3/js/node/node_modules/
will only contain a subset of that list. However some of your list are still there.
root@bruecklinux:~# ls /usr/share/arangodb3/js/node/node_modules/
accepts babel-code-frame dedent highlight.js joi mime-types qs statuses
ajv chai error-stack-parser http-errors joi-to-json-schema minimatch range-parser timezone
ansi-html-community content-disposition extendible i js-yaml ms semver type-is
aqb content-type graphql-sync iconv-lite lodash netmask sinon vary
from arangodb.
So, we can assume, that ArangoDB uses modules in the /usr/share/arangodb3/js/node/node_modules
directory only, and
the correct way to check module version is to visit package.json
in its subdirectory something like below.
d=/usr/share/arangodb3/js/node/node_modules
find ${d?} -name 'package.json' -exec printf "{}\n" \; -exec jq '.name,.version' {} \; | tee modules.txt
Is this correct?
from arangodb.
@dothebart
I've corrected the issue text.
Is my method of checking all js modules and their versions used by ArangoDB above correct?
from arangodb.
yes, seems good - you should as well find sub modules this way.
from arangodb.
Yes, the ansi-regex 2.1.1
module name and version was found in some submodule directory by the way described above.
/usr/share/arangodb3/js/node/node_modules/babel-code-frame/node_modules/ansi-regex/package.json
"ansi-regex"
"2.1.1"
According to your comment this probably means, that ansi-regex 3.0.0 and 4.1.0
are not really installed and used despite the fact, that these versions are mentioned in package-lock.json
. But ansi-regex 2.1.1
is really installed and used.
@dothebart, thanks a lot!
from arangodb.
Ok, great we could settle this.
from arangodb.
Related Issues (20)
- Feature Request: Seperate query from data for easier and safer operations HOT 3
- How to listen to changes in Arango Collection HOT 1
- RocksDB encountered a background error during a compaction operation: HOT 2
- GraphAR export / import
- optimizer should consider projections and stored values when selecting indexes HOT 5
- Render large graph - rendering bug - select graph traversal order
- Fedora 40 fatal error when login HOT 4
- Update leader election failed. error="context deadline exceeded": Deployment Using the ArangoDB Starter in Docker
- Primary Sort ArangoSearch is not flexible, What's other way do with sort in ArangoSearch HOT 18
- Documentation conflict. Is Active Failover mode deprecated? HOT 2
- ArangoSearch view: sort after pagination breaks view performance HOT 3
- InvalidImageName HOT 2
- How to join arangodb community slack channel? HOT 1
- Search-Alias View can't search on field type array HOT 3
- Arangorestore error 'Connection closed by remote'
- Understanding how switching a license works
- [BUG] mergeObjects does not effect the root document HOT 2
- Number Overflow when using AVG HOT 1
- Can't add inverted indexes contains same sort fields of other collections to a view search-alias HOT 1
- Can't add a index collection contains primary sort different config primary sort of previous indexes to a search-alias view HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from arangodb.