Amazon IVS Nuxt.js 備忘録
GitHub からリポジトリをクローン
$ git clone https://github.com/******/ivs-nuxt
Cloning into 'ivs-nuxt'...
remote: Enumerating objects: 174, done.
remote: Counting objects: 100% (174/174), done.
remote: Compressing objects: 100% (98/98), done.
remote: Total 174 (delta 93), reused 144 (delta 73), pack-reused 0
Receiving objects: 100% (174/174), 602.72 KiB | 14.02 MiB/s, done.
Resolving deltas: 100% (93/93), done.
$ cd ivs-nuxt/
$ cat package.json
{
"name": "ivs-nuxt",
"version": "1.0.0",
"private": true,
"scripts": {
"dev": "nuxt",
"build": "nuxt build",
"start": "nuxt start",
"generate": "nuxt generate",
"lint:js": "eslint --ext ".js,.vue" --ignore-path .gitignore .",
"lint": "npm run lint:js"
},
"dependencies": {
"@nuxtjs/pwa": "^3.3.5",
"amazon-ivs-player": "^1.3.1",
"copy-webpack-plugin": "^6.4.1",
"core-js": "^3.9.1",
"nuxt": "^2.15.3",
"video.js": "^7.12.3"
},
"devDependencies": {
"@nuxtjs/eslint-config": "^6.0.0",
"@nuxtjs/eslint-module": "^3.0.2",
"@nuxtjs/vuetify": "^1.11.3",
"babel-eslint": "^10.1.0",
"eslint": "^7.22.0",
"eslint-plugin-nuxt": "^2.0.0",
"eslint-plugin-vue": "^7.7.0"
}
}
$ npm i
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated babel-eslint@10.1.0: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated core-js@2.6.12: core-js@<3.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.
added 1451 packages, and audited 1452 packages in 41s
123 packages are looking for funding
run npm fund
for details
118 vulnerabilities (85 moderate, 24 high, 9 critical)
To address all issues, run:
npm audit fix
Run npm audit
for details.
$ npm audit
npm audit report
@babel/traverse <7.23.2
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via npm audit fix
node_modules/@babel/traverse
ansi-html <0.0.8
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via npm audit fix
node_modules/ansi-html
webpack-hot-middleware 2.9.0 - 2.25.0
Depends on vulnerable versions of ansi-html
node_modules/webpack-hot-middleware
ansi-regex 3.0.0 || 4.0.0 - 4.1.0 || 5.0.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via npm audit fix
node_modules/ansi-align/node_modules/ansi-regex
node_modules/ansi-regex
node_modules/string-width/node_modules/ansi-regex
browserify-sign 2.6.0 - 4.2.1
Severity: high
browserify-sign upper bound check issue in dsaVerify
leads to a signature forgery attack - https://github.com/advisories/GHSA-x9w5-v3q2-3rhw
fix available via npm audit fix
node_modules/browserify-sign
decode-uri-component <0.2.1
Severity: high
decode-uri-component vulnerable to Denial of Service (DoS) - https://github.com/advisories/GHSA-w573-4hg7-7wgq
fix available via npm audit fix
node_modules/decode-uri-component
glob-parent <5.1.2
Severity: high
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via npm audit fix
node_modules/watchpack-chokidar2/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/watchpack-chokidar2/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack 4.44.0 - 4.47.0
Depends on vulnerable versions of watchpack
node_modules/webpack
@nuxt/webpack *
Depends on vulnerable versions of css-loader
Depends on vulnerable versions of cssnano
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-import
Depends on vulnerable versions of postcss-loader
Depends on vulnerable versions of postcss-preset-env
Depends on vulnerable versions of postcss-url
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-middleware
node_modules/@nuxt/webpack
@nuxt/builder 2.12.0 - 2.15.8
Depends on vulnerable versions of @nuxt/webpack
node_modules/@nuxt/builder
nuxt 2.3.2 - 2.15.8
Depends on vulnerable versions of @nuxt/builder
Depends on vulnerable versions of @nuxt/webpack
node_modules/nuxt
ip <1.1.9
Severity: moderate
NPM IP package incorrectly identifies some private IP addresses as public - https://github.com/advisories/GHSA-78xj-cgh5-2h22
fix available via npm audit fix
node_modules/ip
json5 <1.0.2 || >=2.0.0 <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via npm audit fix
node_modules/babel-loader/node_modules/json5
node_modules/cache-loader/node_modules/json5
node_modules/html-webpack-plugin/node_modules/json5
node_modules/json5
node_modules/postcss-loader/node_modules/json5
node_modules/tsconfig-paths/node_modules/json5
node_modules/vue-loader/node_modules/json5
node_modules/vue-style-loader/node_modules/json5
node_modules/webpack/node_modules/json5
loader-utils <=1.4.1 || 2.0.0 - 2.0.3
Severity: critical
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-hhq3-ff78-jv3g
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-hhq3-ff78-jv3g
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable - https://github.com/advisories/GHSA-3rfm-jhwj-7488
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable - https://github.com/advisories/GHSA-3rfm-jhwj-7488
fix available via npm audit fix
node_modules/babel-loader/node_modules/loader-utils
node_modules/cache-loader/node_modules/loader-utils
node_modules/html-webpack-plugin/node_modules/loader-utils
node_modules/loader-utils
node_modules/postcss-loader/node_modules/loader-utils
node_modules/vue-loader/node_modules/loader-utils
node_modules/vue-style-loader/node_modules/loader-utils
node_modules/webpack/node_modules/loader-utils
minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via npm audit fix
node_modules/minimatch
minimist 1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via npm audit fix
node_modules/minimist
nanoid 3.0.0 - 3.1.30
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via npm audit fix
node_modules/nanoid
node-fetch <2.6.7
Severity: high
node-fetch forwards secure headers to untrusted sites - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via npm audit fix
node_modules/node-fetch
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via npm audit fix
node_modules/nth-check
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
postcss-svgo <=5.0.0-rc.2
Depends on vulnerable versions of postcss
Depends on vulnerable versions of svgo
node_modules/postcss-svgo
parse-path <5.0.0
Severity: high
Authorization Bypass in parse-path - https://github.com/advisories/GHSA-3j8f-xvm3-ffx4
fix available via npm audit fix
node_modules/parse-path
parse-url <=8.0.0
Depends on vulnerable versions of parse-path
node_modules/parse-url
git-up <=4.0.3
Depends on vulnerable versions of parse-url
node_modules/git-up
postcss <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via npm audit fix
node_modules/postcss
autoprefixer 1.0.20131222 - 9.8.8
Depends on vulnerable versions of postcss
node_modules/autoprefixer
postcss-preset-env <=7.0.0
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of css-blank-pseudo
Depends on vulnerable versions of css-has-pseudo
Depends on vulnerable versions of css-prefers-color-scheme
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-attribute-case-insensitive
Depends on vulnerable versions of postcss-color-functional-notation
Depends on vulnerable versions of postcss-color-gray
Depends on vulnerable versions of postcss-color-hex-alpha
Depends on vulnerable versions of postcss-color-mod-function
Depends on vulnerable versions of postcss-color-rebeccapurple
Depends on vulnerable versions of postcss-custom-media
Depends on vulnerable versions of postcss-custom-properties
Depends on vulnerable versions of postcss-custom-selectors
Depends on vulnerable versions of postcss-dir-pseudo-class
Depends on vulnerable versions of postcss-double-position-gradients
Depends on vulnerable versions of postcss-env-function
Depends on vulnerable versions of postcss-focus-visible
Depends on vulnerable versions of postcss-focus-within
Depends on vulnerable versions of postcss-font-variant
Depends on vulnerable versions of postcss-gap-properties
Depends on vulnerable versions of postcss-image-set-function
Depends on vulnerable versions of postcss-initial
Depends on vulnerable versions of postcss-lab-function
Depends on vulnerable versions of postcss-logical
Depends on vulnerable versions of postcss-media-minmax
Depends on vulnerable versions of postcss-nesting
Depends on vulnerable versions of postcss-overflow-shorthand
Depends on vulnerable versions of postcss-page-break
Depends on vulnerable versions of postcss-place
Depends on vulnerable versions of postcss-pseudo-class-any-link
Depends on vulnerable versions of postcss-replace-overflow-wrap
Depends on vulnerable versions of postcss-selector-matches
Depends on vulnerable versions of postcss-selector-not
node_modules/postcss-preset-env
css-blank-pseudo <=1.0.0
Depends on vulnerable versions of postcss
node_modules/css-blank-pseudo
css-declaration-sorter <=5.1.2
Depends on vulnerable versions of postcss
node_modules/css-declaration-sorter
css-has-pseudo <=1.0.0
Depends on vulnerable versions of postcss
node_modules/css-has-pseudo
css-loader 0.15.0 - 4.3.0
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-modules-extract-imports
Depends on vulnerable versions of postcss-modules-local-by-default
Depends on vulnerable versions of postcss-modules-scope
Depends on vulnerable versions of postcss-modules-values
node_modules/css-loader
css-prefers-color-scheme <=4.0.0
Depends on vulnerable versions of postcss
node_modules/css-prefers-color-scheme
cssnano <=4.1.11
Depends on vulnerable versions of cssnano-preset-default
Depends on vulnerable versions of postcss
node_modules/cssnano
optimize-css-assets-webpack-plugin <=1.3.2 || 3.0.0 - 5.0.8
Depends on vulnerable versions of cssnano
node_modules/optimize-css-assets-webpack-plugin
cssnano-preset-default <=4.0.8
Depends on vulnerable versions of css-declaration-sorter
Depends on vulnerable versions of cssnano-util-raw-cache
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-calc
Depends on vulnerable versions of postcss-colormin
Depends on vulnerable versions of postcss-convert-values
Depends on vulnerable versions of postcss-discard-comments
Depends on vulnerable versions of postcss-discard-duplicates
Depends on vulnerable versions of postcss-discard-empty
Depends on vulnerable versions of postcss-discard-overridden
Depends on vulnerable versions of postcss-merge-longhand
Depends on vulnerable versions of postcss-merge-rules
Depends on vulnerable versions of postcss-minify-font-values
Depends on vulnerable versions of postcss-minify-gradients
Depends on vulnerable versions of postcss-minify-params
Depends on vulnerable versions of postcss-minify-selectors
Depends on vulnerable versions of postcss-normalize-charset
Depends on vulnerable versions of postcss-normalize-display-values
Depends on vulnerable versions of postcss-normalize-positions
Depends on vulnerable versions of postcss-normalize-repeat-style
Depends on vulnerable versions of postcss-normalize-string
Depends on vulnerable versions of postcss-normalize-timing-functions
Depends on vulnerable versions of postcss-normalize-unicode
Depends on vulnerable versions of postcss-normalize-url
Depends on vulnerable versions of postcss-normalize-whitespace
Depends on vulnerable versions of postcss-ordered-values
Depends on vulnerable versions of postcss-reduce-initial
Depends on vulnerable versions of postcss-reduce-transforms
Depends on vulnerable versions of postcss-svgo
Depends on vulnerable versions of postcss-unique-selectors
node_modules/cssnano-preset-default
cssnano-util-raw-cache *
Depends on vulnerable versions of postcss
node_modules/cssnano-util-raw-cache
icss-utils <=4.1.1
Depends on vulnerable versions of postcss
node_modules/icss-utils
postcss-modules-local-by-default <=4.0.0-rc.4
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/postcss-modules-local-by-default
postcss-modules-values <=4.0.0-rc.5
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/postcss-modules-values
postcss-attribute-case-insensitive <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-attribute-case-insensitive
postcss-calc 4.1.0 - 7.0.5
Depends on vulnerable versions of postcss
node_modules/postcss-calc
postcss-color-functional-notation <=3.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-color-functional-notation
postcss-color-gray >=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-gray
postcss-color-hex-alpha 1.3.0 - 6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-hex-alpha
postcss-color-mod-function *
Depends on vulnerable versions of postcss
node_modules/postcss-color-mod-function
postcss-color-rebeccapurple 1.2.0 - 6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-rebeccapurple
postcss-colormin <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-colormin
postcss-convert-values <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-convert-values
postcss-custom-media 4.0.0 - 7.0.8
Depends on vulnerable versions of postcss
node_modules/postcss-custom-media
postcss-custom-properties 3.3.0 - 10.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-custom-properties
postcss-custom-selectors 2.3.0 - 5.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-custom-selectors
postcss-dir-pseudo-class <=5.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-dir-pseudo-class
postcss-discard-comments <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-comments
postcss-discard-duplicates 1.1.0 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-duplicates
postcss-discard-empty 1.1.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-empty
postcss-discard-overridden <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-overridden
postcss-double-position-gradients <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-double-position-gradients
postcss-env-function <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-env-function
postcss-focus-visible <=5.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-focus-visible
postcss-focus-within <=4.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-focus-within
postcss-font-variant 1.2.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-font-variant
postcss-gap-properties <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-gap-properties
postcss-image-set-function <=3.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-image-set-function
postcss-import <=12.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-import
postcss-initial <=3.0.4
Depends on vulnerable versions of postcss
node_modules/postcss-initial
postcss-lab-function <=3.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-lab-function
postcss-loader <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-loader
postcss-logical <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-logical
postcss-media-minmax 1.2.0 - 4.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-media-minmax
postcss-merge-longhand <=4.0.11
Depends on vulnerable versions of postcss
Depends on vulnerable versions of stylehacks
node_modules/postcss-merge-longhand
postcss-merge-rules <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-merge-rules
postcss-minify-font-values <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-font-values
postcss-minify-gradients <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-gradients
postcss-minify-params <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-params
postcss-minify-selectors <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-selectors
postcss-modules-extract-imports <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-extract-imports
postcss-modules-scope <=2.2.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-scope
postcss-nesting <=7.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-nesting
postcss-normalize-charset <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-charset
postcss-normalize-display-values <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-display-values
postcss-normalize-positions <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-positions
postcss-normalize-repeat-style <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-repeat-style
postcss-normalize-string <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-string
postcss-normalize-timing-functions <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-timing-functions
postcss-normalize-unicode <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-unicode
postcss-normalize-url 1.1.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-url
postcss-normalize-whitespace <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-whitespace
postcss-ordered-values <=4.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-ordered-values
postcss-overflow-shorthand <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-overflow-shorthand
postcss-page-break <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-page-break
postcss-place <=5.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-place
postcss-pseudo-class-any-link <=6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-pseudo-class-any-link
postcss-reduce-initial <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-initial
postcss-reduce-transforms <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-transforms
postcss-replace-overflow-wrap <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-replace-overflow-wrap
postcss-selector-matches *
Depends on vulnerable versions of postcss
node_modules/postcss-selector-matches
postcss-selector-not <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-selector-not
postcss-unique-selectors <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-unique-selectors
postcss-url 3.3.0 - 10.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-url
stylehacks <=4.0.3
Depends on vulnerable versions of postcss
node_modules/stylehacks
qs 6.10.0 - 6.10.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via npm audit fix
node_modules/qs
semver <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via npm audit fix
node_modules/@babel/core/node_modules/semver
node_modules/@babel/eslint-parser/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/@babel/helper-define-polyfill-provider/node_modules/semver
node_modules/@babel/plugin-transform-runtime/node_modules/semver
node_modules/@babel/preset-env/node_modules/semver
node_modules/babel-plugin-polyfill-corejs2/node_modules/semver
node_modules/core-js-compat/node_modules/semver
node_modules/eslint-plugin-node/node_modules/semver
node_modules/hard-source-webpack-plugin/node_modules/semver
node_modules/make-dir/node_modules/semver
node_modules/normalize-package-data/node_modules/semver
node_modules/semver
node_modules/webpack/node_modules/semver
core-js-compat 3.6.0 - 3.25.0
Depends on vulnerable versions of semver
node_modules/core-js-compat
shell-quote <=1.7.2
Severity: critical
Improper Neutralization of Special Elements used in a Command in Shell-quote - https://github.com/advisories/GHSA-g4rg-993r-mgx7
fix available via npm audit fix
node_modules/shell-quote
tar 6.0.0 - 6.1.8
Severity: high
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-qq89-hq3f-393p
fix available via npm audit fix
node_modules/tar
terser >=5.0.0 <5.14.2 || <4.8.1
Severity: high
Terser insecure use of regular expressions leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
Terser insecure use of regular expressions leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
fix available via npm audit fix
node_modules/terser
node_modules/terser-webpack-plugin/node_modules/terser
ua-parser-js <0.7.33
Severity: high
ReDoS Vulnerability in ua-parser-js version - https://github.com/advisories/GHSA-fhg7-m89q-25r3
fix available via npm audit fix
node_modules/ua-parser-js
video.js <=7.15.2
Severity: critical
Depends on vulnerable versions of @videojs/http-streaming
Cross-site Scripting in video.js - https://github.com/advisories/GHSA-pp7m-6j83-m7r6
fix available via npm audit fix
node_modules/video.js
vuetify 2.0.0-beta.4 - 2.6.9
Severity: moderate
Vuetify Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-q4q5-c5cv-2p68
fix available via npm audit fix
node_modules/vuetify
webpack-dev-middleware <=5.3.3
Severity: high
Path traversal in webpack-dev-middleware - https://github.com/advisories/GHSA-wr3j-pwj9-hqq6
fix available via npm audit fix
node_modules/webpack-dev-middleware
word-wrap <1.2.4
Severity: moderate
word-wrap vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-j8xg-fqg3-53r7
fix available via npm audit fix
node_modules/word-wrap
xmldom *
Severity: critical
xmldom allows multiple root nodes in a DOM - https://github.com/advisories/GHSA-crh6-fp67-6883
Misinterpretation of malicious XML input - https://github.com/advisories/GHSA-5fg8-2547-mr8q
fix available via npm audit fix
node_modules/xmldom
mpd-parser 0.9.0 - 0.18.0
Depends on vulnerable versions of xmldom
node_modules/mpd-parser
@videojs/http-streaming 1.12.0 - 2.10.1
Depends on vulnerable versions of mpd-parser
node_modules/@videojs/http-streaming
118 vulnerabilities (85 moderate, 24 high, 9 critical)
To address all issues, run:
npm audit fix
誤操作
$ npm run dev
ivs-nuxt@1.0.0 dev
nuxt
ℹ NuxtJS collects completely anonymous data about usage. 05:50:26
This will help us improve Nuxt developer experience over time.
Read more on https://git.io/nuxt-telemetry
? Are you interested in participating? No
╭───────────────────────────────────────╮
│ │
│ Nuxt @ v2.15.7 │
│ │
│ ▸ Environment: development │
│ ▸ Rendering: server-side │
│ ▸ Target: static │
│ │
│ Listening: http://localhost:8080/ │
│ │
╰───────────────────────────────────────╯
ℹ Preparing project for development 05:51:08
ℹ Initial build may take a while 05:51:08
ℹ Discovered Components: .nuxt/components/readme.md 05:51:08
✔ Builder initialized 05:51:08
✔ Nuxt files generated 05:51:08
WARN Browserslist: caniuse-lite is outdated. Please run: 05:51:10
npx browserslist@latest --update-db
Why you should do it regularly:
● Client █████████████████████████ building (10%) 1/2 modules 1 active
node_modules/webpack-hot-middleware/client.js
● Server █████████████████████████ building (10%) 1/1 modules 0 active
node:internal/crypto/hash:68
this[kHandle] = new _Hash(algorithm, xofLen);
^
Error: error:0308010C:digital envelope routines::unsupported
at new Hash (node:internal/crypto/hash:68:19)
at Object.createHash (node:crypto:138:10)
at module.exports (/home/ec2-user/environment/ivs-nuxt/node_modules/webpack/lib/util/createHash.js:135:53)
at NormalModule._initBuildHash (/home/ec2-user/environment/ivs-nuxt/node_modules/webpack/lib/NormalModule.js:417:16)
at handleParseError (/home/ec2-user/environment/ivs-nuxt/node_modules/webpack/lib/NormalModule.js:471:10)
at /home/ec2-user/environment/ivs-nuxt/node_modules/webpack/lib/NormalModule.js:503:5
at /home/ec2-user/environment/ivs-nuxt/node_modules/webpack/lib/NormalModule.js:358:12
at /home/ec2-user/environment/ivs-nuxt/node_modules/webpack/node_modules/loader-runner/lib/LoaderRunner.js:373:3
at iterateNormalLoaders (/home/ec2-user/environment/ivs-nuxt/node_modules/webpack/node_modules/loader-runner/lib/LoaderRunner.js:214:10)
at Array.<anonymous> (/home/ec2-user/environment/ivs-nuxt/node_modules/webpack/node_modules/loader-runner/lib/LoaderRunner.js:205:4)
at Storage.finished (/home/ec2-user/environment/ivs-nuxt/node_modules/enhanced-resolve/lib/CachedInputFileSystem.js:55:16)
at /home/ec2-user/environment/ivs-nuxt/node_modules/enhanced-resolve/lib/CachedInputFileSystem.js:91:9
at /home/ec2-user/environment/ivs-nuxt/node_modules/graceful-fs/graceful-fs.js:123:16
at FSReqCallback.readFileAfterClose [as oncomplete] (node:internal/fs/read/context:68:3) {
opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
library: 'digital envelope routines',
reason: 'unsupported',
code: 'ERR_OSSL_EVP_UNSUPPORTED'
}
Node.js v20.11.0
事前確認
$ npm run generate
ivs-nuxt@1.0.0 generate
nuxt generate
ℹ Production build 05:55:27
ℹ Bundling for server and client side 05:55:27
ℹ Target: static 05:55:27
ℹ Using components loader to optimize imports 05:55:27
ℹ Discovered Components: node_modules/.cache/nuxt/components/readme.md 05:55:27
✔ Builder initialized 05:55:27
✔ Nuxt files generated 05:55:27
WARN Browserslist: caniuse-lite is outdated. Please run: 05:55:28
npx browserslist@latest --update-db
Why you should do it regularly:
● Client █████████████████████████ building (10%) 1/2 modules 1 active
node_modules/@nuxt/components/lib/installComponents.js
◯ Server
ERROR Error: error:0308010C:digital envelope routines::unsupported 05:55:29
at new Hash (node:internal/crypto/hash:68:19)
at Object.createHash (node:crypto:138:10)
at module.exports (/home/ec2-user/environment/ivs-nuxt/node_modules/webpack/lib/util/createHash.js:135:53)
at NormalModule._initBuildHash (/home/ec2-user/environment/ivs-nuxt/node_modules/webpack/lib/NormalModule.js:417:16)
at handleParseError (/home/ec2-user/environment/ivs-nuxt/node_modules/webpack/lib/NormalModule.js:471:10)
at /home/ec2-user/environment/ivs-nuxt/node_modules/webpack/lib/NormalModule.js:503:5
at /home/ec2-user/environment/ivs-nuxt/node_modules/webpack/lib/NormalModule.js:358:12
at /home/ec2-user/environment/ivs-nuxt/node_modules/webpack/node_modules/loader-runner/lib/LoaderRunner.js:373:3
at iterateNormalLoaders (/home/ec2-user/environment/ivs-nuxt/node_modules/webpack/node_modules/loader-runner/lib/LoaderRunner.js:214:10)
at iterateNormalLoaders (/home/ec2-user/environment/ivs-nuxt/node_modules/webpack/node_modules/loader-runner/lib/LoaderRunner.js:221:10)
at /home/ec2-user/environment/ivs-nuxt/node_modules/webpack/node_modules/loader-runner/lib/LoaderRunner.js:236:3
at runSyncOrAsync (/home/ec2-user/environment/ivs-nuxt/node_modules/webpack/node_modules/loader-runner/lib/LoaderRunner.js:130:11)
at iterateNormalLoaders (/home/ec2-user/environment/ivs-nuxt/node_modules/webpack/node_modules/loader-runner/lib/LoaderRunner.js:232:2)
at Array.<anonymous> (/home/ec2-user/environment/ivs-nuxt/node_modules/webpack/node_modules/loader-runner/lib/LoaderRunner.js:205:4)
at Storage.finished (/home/ec2-user/environment/ivs-nuxt/node_modules/enhanced-resolve/lib/CachedInputFileSystem.js:55:16)
at /home/ec2-user/environment/ivs-nuxt/node_modules/enhanced-resolve/lib/CachedInputFileSystem.js:91:9
node:internal/crypto/hash:68
this[kHandle] = new _Hash(algorithm, xofLen);
^
Error: error:0308010C:digital envelope routines::unsupported
at new Hash (node:internal/crypto/hash:68:19)
at Object.createHash (node:crypto:138:10)
at module.exports (/home/ec2-user/environment/ivs-nuxt/node_modules/webpack/lib/util/createHash.js:135:53)
at NormalModule._initBuildHash (/home/ec2-user/environment/ivs-nuxt/node_modules/webpack/lib/NormalModule.js:417:16)
at handleParseError (/home/ec2-user/environment/ivs-nuxt/node_modules/webpack/lib/NormalModule.js:471:10)
at /home/ec2-user/environment/ivs-nuxt/node_modules/webpack/lib/NormalModule.js:503:5
at /home/ec2-user/environment/ivs-nuxt/node_modules/webpack/lib/NormalModule.js:358:12
at /home/ec2-user/environment/ivs-nuxt/node_modules/webpack/node_modules/loader-runner/lib/LoaderRunner.js:373:3
at iterateNormalLoaders (/home/ec2-user/environment/ivs-nuxt/node_modules/webpack/node_modules/loader-runner/lib/LoaderRunner.js:214:10)
at Array.<anonymous> (/home/ec2-user/environment/ivs-nuxt/node_modules/webpack/node_modules/loader-runner/lib/LoaderRunner.js:205:4)
at Storage.finished (/home/ec2-user/environment/ivs-nuxt/node_modules/enhanced-resolve/lib/CachedInputFileSystem.js:55:16)
at /home/ec2-user/environment/ivs-nuxt/node_modules/enhanced-resolve/lib/CachedInputFileSystem.js:91:9
at /home/ec2-user/environment/ivs-nuxt/node_modules/graceful-fs/graceful-fs.js:123:16
at FSReqCallback.readFileAfterClose [as oncomplete] (node:internal/fs/read/context:68:3) {
opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
library: 'digital envelope routines',
reason: 'unsupported',
code: 'ERR_OSSL_EVP_UNSUPPORTED'
}
Node.js v20.11.0
Pacage.json の修正変更
cat package.json
変更
"scripts": {
"start": "node --openssl-legacy-provider node_modules/.bin/nuxt start",
"generate": "node --openssl-legacy-provider node_modules/.bin/nuxt generate",
事前確認その1
$ npm run generate
ivs-nuxt@1.0.0 generate
node --openssl-legacy-provider node_modules/.bin/nuxt generate
ℹ Production build 06:02:45
ℹ Bundling for server and client side 06:02:45
ℹ Target: static 06:02:45
ℹ Using components loader to optimize imports 06:02:45
ℹ Discovered Components: node_modules/.cache/nuxt/components/readme.md 06:02:45
✔ Builder initialized 06:02:45
✔ Nuxt files generated 06:02:45
WARN Browserslist: caniuse-lite is outdated. Please run: 06:02:46
npx browserslist@latest --update-db
Why you should do it regularly:
✔ Client
Compiled successfully in 46.05s
✔ Server
Compiled successfully in 14.13s
Hash: 19efa3bebe73a6c52467
Version: webpack 4.46.0
Time: 46053ms
Built at: 03/26/2024 6:03:32 AM
Asset Size Chunks Chunk Names
../server/client.manifest.json 17.8 KiB [emitted]
0aa9c37.js 534 KiB 8 [emitted] [immutable] [big] vendors/app
3ca883f.js 5.78 KiB 5, 3, 4 [emitted] [immutable] pages/about
5130b8f.js 1.25 KiB 6 [emitted] [immutable] pages/index
75793ac.js 2.36 KiB 7 [emitted] [immutable] runtime
8c6e48e.js 208 KiB 2 [emitted] [immutable] commons/app
8e7bbff.js 29.7 KiB 0 [emitted] [immutable] vendors/pages/about/pages/index
LICENSES 1.24 KiB [emitted]
amazon-ivs-wasmworker.min.js 73.6 KiB [emitted]
amazon-ivs-wasmworker.min.wasm 795 KiB [emitted] [big]
b4ae893.js 946 bytes 4 [emitted] [immutable] components/vuetify-logo
c045542.js 702 KiB 9 [emitted] [immutable] [big] vendors/pages/index
d195bad.js 5.13 KiB 10 [emitted] [immutable]
d3176fc.js 3.91 KiB 1 [emitted] [immutable] app
e48875e.js 2.14 KiB 3 [emitted] [immutable] components/logo
- 2 hidden assets
Entrypoint app = 75793ac.js 8c6e48e.js 0aa9c37.js d3176fc.js
WARNING in asset size limit: The following asset(s) exceed the recommended size limit (244 KiB).
This can impact web performance.
Assets:
0aa9c37.js (534 KiB)
c045542.js (702 KiB)
amazon-ivs-wasmworker.min.wasm (795 KiB)
Hash: 2a663cea5f461c4895ec
Version: webpack 4.46.0
Time: 14133ms
Built at: 03/26/2024 6:03:46 AM
Asset Size Chunks Chunk Names
amazon-ivs-wasmworker.min.js 74.1 KiB [emitted]
components/logo.js 6.04 KiB 1 [emitted] components/logo
components/vuetify-logo.js 4.99 KiB 2 [emitted] components/vuetify-logo
pages/about.js 56.5 KiB 3, 1, 2 [emitted] pages/about
pages/index.js 42.3 KiB 4 [emitted] pages/index
server.js 666 KiB 0 [emitted] app
server.manifest.json 591 bytes [emitted]
- 5 hidden assets
Entrypoint app = server.js server.js.map
ℹ Full static generation activated 06:03:46
ℹ Generating output directory: dist/ 06:03:46
ℹ Generating pages with full static mode 06:03:47
✔ Generated route "/" 06:03:49
✔ Generated route "/about" 06:03:49
ERROR Error generating route "/inspire": This page could not be found 06:03:49
✔ Client-side fallback created: 200.html 06:03:49
✔ Static manifest generated
事前確認その2
$ npm start
ivs-nuxt@1.0.0 start
node --openssl-legacy-provider node_modules/.bin/nuxt start
╭───────────────────────────────────────╮
│ │
│ Nuxt @ v2.15.7 │
│ │
│ ▸ Environment: production │
│ ▸ Rendering: server-side │
│ ▸ Target: static │
│ │
│ Listening: http://localhost:8080/ │
│ │
╰───────────────────────────────────────╯
ℹ Serving static application from dist/
プレビュー画面
セキュリティの修正 マイナーアップデート
$ npm audit fix
npm WARN deprecated @babel/plugin-proposal-class-properties@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.
npm WARN deprecated @babel/plugin-proposal-nullish-coalescing-operator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead.
npm WARN deprecated @babel/plugin-proposal-private-methods@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-methods instead.
npm WARN deprecated @babel/plugin-proposal-private-property-in-object@7.21.11: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-property-in-object instead.
npm WARN deprecated @babel/plugin-proposal-optional-chaining@7.21.0: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead.
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated vue@2.7.16: Vue 2 has reached EOL and is no longer actively maintained. See https://v2.vuejs.org/eol/ for more details.
added 283 packages, removed 224 packages, changed 557 packages, and audited 1511 packages in 50s
242 packages are looking for funding
run npm fund
for details
npm audit report
glob-parent <5.1.2
Severity: high
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via npm audit fix --force
Will install nuxt@3.11.1, which is a breaking change
node_modules/watchpack-chokidar2/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/watchpack-chokidar2/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/webpack/node_modules/watchpack
webpack 4.44.0 - 4.47.0
Depends on vulnerable versions of watchpack
node_modules/webpack
@nuxt/webpack *
Depends on vulnerable versions of vue-loader
Depends on vulnerable versions of webpack
node_modules/@nuxt/webpack
@nuxt/builder >=2.12.0
Depends on vulnerable versions of @nuxt/webpack
node_modules/@nuxt/builder
nuxt 2.3.0 - 2.17.3
Depends on vulnerable versions of @nuxt/builder
Depends on vulnerable versions of @nuxt/webpack
node_modules/nuxt
postcss <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via npm audit fix --force
Will install nuxt@3.11.1, which is a breaking change
node_modules/@vue/component-compiler-utils/node_modules/postcss
@vue/component-compiler-utils *
Depends on vulnerable versions of postcss
node_modules/@vue/component-compiler-utils
vue-loader 15.0.0-beta.1 - 15.11.1
Depends on vulnerable versions of @vue/component-compiler-utils
node_modules/vue-loader
11 vulnerabilities (5 moderate, 6 high)
To address all issues (including breaking changes), run:
npm audit fix --force
GitHubにバックアップ
git remote -v
git remote remove origin
git remote add origin https://github.com/******/*****
git remote -v
git checkout -b masa
git add .
git commit -m "backup-before-audit-fix"
git status
git push origin masa
git status
git push origin masa
git status