Unable to resolve security vulnerability in mat-table-exporter using npm #181
Comments
|
Looks like the project is not maintained on GitHub anymore (see: SheetJS/sheetjs#2822 (comment)) not sure why the npm page wasn't updated. In the meantime, this project could update its package.json with the new xlsx version/source, that is https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz |
|
It would be nice if the author could use the tarball instead of the npm package in the package.json! |
or switch to another package that is maintained in npm repo |
|
Any solution to this, guys? |
|
Same story for me. Adding |
|
I don't know if the owner of the repo is doing anything about this, but I wrote a little Node.js script to remedy the situation a while back: const fs = require('fs/promises');
async function run() {
let packageJson = await fs.readFile('./node_modules/xlsx/package.json', { encoding: 'utf-8' });
const package = JSON.parse(packageJson);
if (('./dist/xlsx.mini.min' in package.exports)) {
console.log('xlsx already exports xlsx.mini.min');
return;
}
package.exports = {
...package.exports,
'./dist/xlsx.mini.min': {
"import": "./dist/xlsx.mini.min.js",
"types": "./dist/zahl.d.ts"
}
};
packageJson = JSON.stringify(package);
await fs.writeFile('./node_modules/xlsx/package.json', packageJson, 'utf-8');
console.log('xlsx now exports xlsx.mini.min');
}
run();Save that as "postinstall": "node Add-xlsx-mini-min-export.cjs",That, with the |
Cannot resolve vulnerability detailed here: GHSA-4r6h-8v6p-xvw6
mat-table-exporter 15.0.0 (newest version?) depending on xlsx ^0.18.5 and patched version (0.19.3) is not available through npm as detailed here: https://docs.sheetjs.com/docs/getting-started/installation/nodejs/
The text was updated successfully, but these errors were encountered: