Herve Beraud wrote:
Hey,
Yeah this error seems to be normal since the version 0.0.4 already exist on the repository.
- https://www.npmjs.com/package/karma-subunit-reporter
An another question is 2 lines below the npm error :
+ npm@4.6.1 2018-12-19 10:15:02.372290 <http://logs.openstack.org/64/647112461fdc90aa3e468f0d5f846e16b032c87d/release/release-openstack-javascript/d6af9b6/job-output.txt.gz#_2018-12-19_10_15_02_372290> | localhost | added 299 packages from 591 contributors and audited 1181 packages in 9.459s 2018-12-19 10:15:02.372387 <http://logs.openstack.org/64/647112461fdc90aa3e468f0d5f846e16b032c87d/release/release-openstack-javascript/d6af9b6/job-output.txt.gz#_2018-12-19_10_15_02_372387> | localhost | found 42 vulnerabilities (2 low, 34 moderate, 6 high)
42 Vulnerabilities found... I not an nodejs and npm expert so I'm not sure that is a real problem but I think we need to take look about this. Thoughts?
Not a NPM specialist, but this might be due to karma-subunit-reporter not having been updated for a couple of years, and declaring outdated dependencies. The log is unclear whether those are directly tied to "npm@4.6.1" (which I could not find as a direct dependency) or coming from the direct deps of k-s-r (subunit-js@0.0.2, karma>=0.9...) -- Thierry Carrez (ttx)