Npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue


#1

We face this problem during installation of cordova & ionic.

npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue


#2

I am having the same issue


#3

bash-3.2$ sudo npm install -g cordova
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
/usr/local/bin/cordova -> /usr/local/lib/node_modules/cordova/bin/cordova
/usr/local/lib
└── cordova@6.3.0


#4

This seems to be a similar issue to the one posted at Too many packages deprecated, NPM warnings and permission errors

… which (unless I’ve not understood your reply to this thread @pyav) doesn’t seem to have an answer either.

I found a (admittedly minimal) stackoverflow question on this at

… this seemed to suggest that wasn’t something to be overly concerned about because “The npmconf package is now part of the npm version you are using. When you install ionic or cordova, its package.json file still has a reference to npmconf. Npm ignores it.”

I am new to all this too (as I imagine most people experiencing this issue would be) and have to admit to not fully understanding the reply.

There’s something in the “Common Problems” sections of this Cordova documentation too …
https://cordova.apache.org/docs/en/3.3.0/guide/platforms/ios/
… but that seems to centre around commenting out bits of code that (presumably) most of us at this stage wouldn’t fully understand yet … and I don’t know enough to know if this is relevant.

There’s an “issues” thread on the ionic-cli project, on GitHub here …


… it seems to have a response that suggests that running a cli update with …
npm install -g ionic@latest
… might help illuminate the issues at least. It’s followed by a post, a few days ago, that suggests this didn’t work for the first person to try it though.
I tried it myself and needed to prefix the command with sudo, to avoid a mass of permission errors … but … the same set of warning messages appeared, in the same format as before.


Too many packages deprecated, NPM warnings and permission errors