When I install creamic via npm (npm install @ceramicnetwork/http-client) it generates 26 vulnerabilities and some of them are of high severity.
Why is that?
Hi @Velure
The vulnerabilities come from the dependencies that @ceramicnetwork/http-client relies on. Some of these might not even impact your project, especially if they’re in unused parts of the code.
Here’s what you can do:
- Run
npm audit: It’ll give you details on the vulnerabilities and suggest fixes. Usenpm audit fixto handle what’s fixable automatically. - Assess the Risk: Not all high-severity vulnerabilities are a big deal, but if something looks critical, you might want to dig deeper.
Another thing to note - in the near future, the js-Ceramic packages are no longer going to be maintained and supported in favor of the Ceramic SDK which is designed to be used with Ceramic-One directly.
Can you tell me more about what you’re building and how you’re planning on using Ceramic? Are you using a database interface on top of Ceramic like OrbisDB ?