Herve Beraud wrote: > Hey, > > Yeah this error seems to be normal since the version 0.0.4 already exist > on the repository. > > - https://www.npmjs.com/package/karma-subunit-reporter > > An another question is 2 lines below the npm error : > > + npm at 4.6.1 2018-12-19 10:15:02.372290 > <http://logs.openstack.org/64/647112461fdc90aa3e468f0d5f846e16b032c87d/release/release-openstack-javascript/d6af9b6/job-output.txt.gz#_2018-12-19_10_15_02_372290> > | localhost | added 299 packages from 591 contributors and audited 1181 > packages in 9.459s 2018-12-19 10:15:02.372387 > <http://logs.openstack.org/64/647112461fdc90aa3e468f0d5f846e16b032c87d/release/release-openstack-javascript/d6af9b6/job-output.txt.gz#_2018-12-19_10_15_02_372387> > | localhost | found 42 vulnerabilities (2 low, 34 moderate, 6 high) > > 42 Vulnerabilities found... I not an nodejs and npm expert so I'm not > sure that is a real problem but I think we need to take look about this. > Thoughts? Not a NPM specialist, but this might be due to karma-subunit-reporter not having been updated for a couple of years, and declaring outdated dependencies. The log is unclear whether those are directly tied to "npm at 4.6.1" (which I could not find as a direct dependency) or coming from the direct deps of k-s-r (subunit-js at 0.0.2, karma>=0.9...) -- Thierry Carrez (ttx)