nginx: [alert] detected a LuaJIT version which is not OpenResty’s;
But… How do I fix them?
When I try to fix them, the “fix” usually fails, or it has no effect.
I, like many of us HA Core users in here, am an amateur when it comes to Linux (Debian in my case), Docker and a lot more. So somewhat more detailed descriptions would be very much appreciated!
Those are all generated from npm, which has nothing to do with Linux, Docker, or HA at all. You can safely ignore the npm warnings OR you can audit and try to fix them by checking the output from audit and manually installing the packages that are marked.
Can you please explain to me why it is safe to ignore warnings about vulnerabilities? I usually take them seriously but am not familiar with the inner workings of NodeJS.
Because many of the vulnerabilities that are listed out by npm typically are due to badly configured packages and older CVS reports that don’t get updated quickly enough. It will also report out vulnerabilities for referenced packages that may not even be referenced in package.json from time to time (due to how nodeJs does references to other packages).
Unless something really sticks out, then 9 times out of 10, the npm audit can be ignored in terms of what it considers vulnerabilities. The audit command has always been problematic (ever since the 1.x days) in terms of what it reports as a vulnerability.
Personally, once a month I go through CVS reports, see what applies to my version of nodeJs and manually update (or remove) any packages that are considered critical. I never, ever use audit because of how flaky it is.
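The thread contrasts packages listed in package.json with ones pulled in indirectly, and mentions reviewing only critical findings by hand. The sketch below is an added example, not code from any poster: it triages the JSON that `npm audit --json` emits (report format version 2, npm 7 and later), splitting direct from transitive findings. The package names and advisory URLs in the sample are constructed.

```javascript
// Added example: triage of `npm audit --json` output (report format v2, npm 7+).
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Describe the remediation npm reports for one entry.
function describeFix(fixAvailable) {
  if (fixAvailable === false) return "none";
  if (fixAvailable === true) return "npm audit fix";
  const breaking = fixAvailable.isSemVerMajor ? " (breaking)" : "";
  return `${fixAvailable.name}@${fixAvailable.version}${breaking}`;
}

// Return findings at or above minSeverity, direct dependencies first.
function triageAudit(report, minSeverity = "high") {
  const floor = SEVERITY_RANK[minSeverity];
  if (floor === undefined) throw new Error(`unknown severity: ${minSeverity}`);
  return Object.values(report.vulnerabilities || {})
    .filter((v) => (SEVERITY_RANK[v.severity] ?? -1) >= floor)
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      direct: Boolean(v.isDirect), // true when listed in package.json
      // Objects in `via` are advisories; strings name the vulnerable
      // package further down the chain that causes this entry.
      advisories: (v.via || []).filter((x) => typeof x === "object").map((x) => x.url),
      causedBy: (v.via || []).filter((x) => typeof x === "string"),
      fix: describeFix(v.fixAvailable),
    }))
    .sort((a, b) => Number(b.direct) - Number(a.direct)
      || SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]);
}

// Constructed sample report (names and URLs are placeholders).
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": { name: "example-parser", severity: "critical", isDirect: false,
      via: [{ title: "Constructed advisory A", url: "https://example.invalid/advisory-a" }],
      effects: ["example-cli"], fixAvailable: true },
    "example-cli": { name: "example-cli", severity: "high", isDirect: true,
      via: ["example-parser"], effects: [],
      fixAvailable: { name: "example-cli", version: "2.0.0", isSemVerMajor: true } },
    "example-colors": { name: "example-colors", severity: "low", isDirect: false,
      via: [{ title: "Constructed advisory B", url: "https://example.invalid/advisory-b" }],
      effects: [], fixAvailable: false },
  },
};

console.log(JSON.stringify(triageAudit(SAMPLE_REPORT), null, 2));
```

To use it on a real project, pass in the parsed output of `npm audit --json` run in the project directory.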