Share Posted October 15, 2021 Workflow in Visual Studio Code, Windows 10: 1) First I created a fresh React project with: npx create-react-app my-project 2) Then I downloaded the 'GSAP 3 with Shockingly Green bonus files' ZIP file, version 3.8.0 3) and added the gsap-bonus.tgz in the root directory of my project 4) When I installed the file with : my-project > npm install ./gsap-bonus.tgz, I received the message: added 1 package, and audited 1946 packages in 10s, 58 vulnerabilities (16 moderate, 40 high, 2 critical) 5) After installation: my package.json file looks the same as in the 'module install' video. How can there be that many vulnerabilities in an 'up-to-date' GSAP installation, and do I need to fix this ? Link to comment Share on other sites More sharing options...
Share Posted October 16, 2021 First of all, thanks for being a Club GreenSock member! 🙌 I'm pretty sure those vulnerabilities have absolutely nothing to do with GSAP. The messages says "audited 1946 packages" and GSAP has absolutely zero dependencies, so it sounds like you've got a bunch of other packages installed in your project, some of which have vulnerabilities. We're not aware of any vulnerabilities in GSAP. 🤷♂️ Link to comment Share on other sites More sharing options...
Share Posted October 16, 2021 7 hours ago, SteinarvDesign said: How can there be that many vulnerabilities in an 'up-to-date' GSAP installation, and do I need to fix this ? You installed Create React App. 😉 Try installing it without React. GSAP has no dependencies. Link to comment Share on other sites More sharing options...
Share Posted October 16, 2021 7 hours ago, SteinarvDesign said: How can there be that many vulnerabilities in an 'up-to-date' GSAP installation, and do I need to fix this ? Like I mentioned above, GSAP has no dependencies, so those warnings are all for the React stuff. You can try to fix them, but it's unlikely you'll be able to get them all as create react app has a ton of dependencies. If you don't mind me asking, why did you choose React? We want to improve GSAP integration with React, so we're looking for feedback on how to improve that. 2 Link to comment Share on other sites More sharing options...
Author Share Posted October 18, 2021 I have been learning/practicing React w. hooks in 2021 and want to stay focused on React as much as possible. GSAP with html, css, js, CDN files and a 'scripts' folder for the bonus plugins is the best solution so far. A project with Webpack or Parcel is more problematic because of all the dependencies that the bundlers have. Creating a .npmrc file within my project folder and installing via: 'npm install gsap@npm:@gsap/shockingly' is a good solution, but this solution comes with several security vulnerabilities not related to GSAP. Link to comment Share on other sites More sharing options...
Share Posted October 18, 2021 You can try to fix those fix with with npm audit, and learn more about what the issue is and if it's even worth worrying about. https://docs.npmjs.com/cli/v7/commands/npm-audit I don't put a lot of thought into those warning because it's nearly impossible to get rid of them. Especially if I'm just running stuff locally. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now