Vulnerabilities and warnings shown on installing OpenZeppelin Contracts

Hi there,
I'm a newbie.

I cloned the git repository locally, then installed node js.

Then, in my project folder, I ran

npm init -y

And then:

$ ls package.json

package.json

$ npm install @openzeppelin/contracts

Then I get this warning

> node install.js

SOLINK_MODULE(target) Release/.node

CXX(target) Release/obj.target/fse/fsevents.o

In file included from ../fsevents.cc:6:

In file included from ../../../../nan/nan.h:2884:

**../../../../nan/nan_typedarray_contents.h:34:43:** **warning:** **'GetContents' is**

**deprecated: Use GetBackingStore. See http://crbug.com/v8/9908.**

**[-Wdeprecated-declarations]**


A huge list that goes on in this way:

> 1 warning generated.

SOLINK_MODULE(target) Release/fse.node

ld: warning: text-based stub file /System/Library/Frameworks//CoreFoundation.framework/CoreFoundation.tbd and library file /System/Library/Frameworks//CoreFoundation.framework/CoreFoundation are out of sync. Falling back to library file for linking.

ld: warning: text-based stub file /System/Library/Frameworks//CoreServices.framework/CoreServices.tbd and library file /System/Library/Frameworks//CoreServices.framework/CoreServices are out of sync. Falling back to library file for linking.

ld: warning: text-based stub file /System/Library/Frameworks//CFNetwork.framework/Versions/A/CFNetwork.tbd and library file /System/Library/Frameworks//CFNetwork.framework/Versions/A/CFNetwork are out of sync. Falling back to library file for linking.

ld: warning: text-based stub file /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/FSEvents.framework/Versions/A/FSEvents.tbd and library file /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/FSEvents.framework/Versions/A/FSEvents are out of sync. Falling back to library file for linking.

And then after an endless warning marathon, I get this:

> 61 packages are looking for funding

run `npm fund` for details

found 25 vulnerabilities (12 **low** , 13 high)

run `npm audit fix` to fix them, or `npm audit` for details

What should I do?

1 Like

Hi @codingbibi,

Welcome to the community :wave:

Everyone was new once. :smile: (What are your top three recommendations for a new developer in the space?)

What operating system are you using? What version of node are you using?

Using Windows Subsystem for Linux 2 (WSL2) and node 10.22.1 I ran the following in a new directory codingbibi:

$ npm init -y
Wrote to /home/abcoathup/projects/forum/codingbibi/package.json:

{
  "name": "codingbibi",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}
$ npm install @openzeppelin/contracts
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN codingbibi@1.0.0 No description
npm WARN codingbibi@1.0.0 No repository field.

+ @openzeppelin/contracts@3.2.0
added 1 package from 1 contributor and audited 1 package in 0.476s
found 0 vulnerabilities

If you haven't already, I recommend looking at the Learn guides: https://docs.openzeppelin.com/learn/

Which git repository did you clone?

Hi @codingbibi,

Can you advise what git repository you cloned and what operating system and node version you are using?