Angular-cli: deprecated mail-related packages installed via ng new project

Created on 22 Mar 2018 · 6 Comments · Source: angular/angular-cli

Versions

Angular CLI: 1.7.3
Node: 8.10.0
OS: win32 x64 (Windows 10 using /Git Bash)
npm: 5.6.0

Repro steps

Simply create a new project with the latest cli
ng new myProject

Observed behavior

The following warnings appear as the project is generated:
npm WARN deprecated [email protected]: All versions below 4.0.1 of Nodemailer are deprecated. See https://nodemailer.com/status/
npm WARN deprecated [email protected]: This project is unmaintained
npm WARN deprecated [email protected]: If using 2.x branch, please upgrade to at least 2.1.6 to avoid a serious bug with socket data flow and an import issue introduced in 2.1.0
npm WARN deprecated [email protected]: Use uuid module instead
npm WARN deprecated [email protected]: This project is unmaintained
npm WARN deprecated [email protected]: If using 2.x branch, please upgrade to at least 2.1.6 to avoid a serious bug with socket data flow and an import issue introduced in 2.1.0

I confirmed these packages exist in the /node_modules directory of myProject

Desired behavior

I am concerned about the inclusion of deprecated, mail-related packages with a vanilla template install. Previous cli-generated projects (cli version 1.4.7) did not include these packages. I see no universal need for such packages and fear they may be an injection of malicious content.

Mention any other details that might be useful (optional)


All 6 comments

Just realized this is the same as issue #10023 Deprecated.

npm cache clear --force and then npm install worked for me
It's giving the warning but it's running perfectly

I agree the cli-built projects run. I'm primarily concerned about the security of projects built upon boilerplate that includes modules that can be easily attacked and manipulated. That's why I'm raising awareness of the issue. If this is not a security concern, then no problem - but it sure looks like one to me.

Is there a way to solve those issues? I have exactly the same behavior installing an Angular kit.

Thanks for reporting this issue. This issue is now obsolete due to changes in the recent releases. Please update to the most recent Angular CLI version.

If the problem persists after upgrading, please open a new issue, provide a simple repository reproducing the problem, and describe the difference between the expected and current behavior.

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

_This action has been performed automatically by a bot._
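
The question raised in this thread, why packages such as nodemailer end up in a freshly generated project, can be answered from the lockfile. The sketch below is an added example, not code from the thread or from Angular CLI: it walks package.json and an npm 5 package-lock.json (lockfileVersion 1) and reports which direct dependency requires the package and whether the lockfile marks it dev-only or optional. The function names, the `example-*` package names and all versions are assumptions constructed for illustration.

```javascript
// Explain why a package is in node_modules, from package.json plus an npm 5
// package-lock.json (lockfileVersion 1). Helper names are hypothetical.

// Resolve `name` as Node does: nearest enclosing "dependencies" map first,
// then each parent's, up to the lockfile root.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    const entry = (scopes[i].dependencies || {})[name];
    if (entry) return { entry, scopes: scopes.slice(0, i + 1) };
  }
  return null; // required but not installed, e.g. a skipped optional dependency
}

// For each direct dependency, return the shortest require chain to `target`,
// with the lockfile's dev/optional flags for the resolved target entry.
function whyInstalled(pkgJson, lock, target) {
  const direct = Object.keys(Object.assign({}, pkgJson.dependencies, pkgJson.devDependencies));
  const results = [];
  for (const top of direct) {
    const start = resolve(top, [lock]);
    const queue = start ? [{ name: top, hit: start, chain: [] }] : [];
    const seen = new Set(); // lock entries already visited (guards against cycles)
    while (queue.length) {
      const { name, hit, chain } = queue.shift();
      if (seen.has(hit.entry)) continue;
      seen.add(hit.entry);
      const next = chain.concat(`${name}@${hit.entry.version}`);
      if (name === target) {
        results.push({ chain: next, dev: !!hit.entry.dev, optional: !!hit.entry.optional });
        break;
      }
      const scopes = hit.scopes.concat(hit.entry);
      for (const req of Object.keys(hit.entry.requires || {})) {
        const child = resolve(req, scopes);
        if (child) queue.push({ name: req, hit: child, chain: next });
      }
    }
  }
  return results;
}

// Constructed sample data: the example-* names and every version are made up.
const samplePkg = { dependencies: { 'example-ui': '^1.0.0' }, devDependencies: { 'example-test-runner': '^1.0.0' } };
const sampleLock = { lockfileVersion: 1, dependencies: {
  'example-ui': { version: '1.0.0-sample' },
  'example-test-runner': { version: '1.0.0-sample', dev: true, requires: { 'example-logger': '^1.0.0' } },
  'example-logger': { version: '1.0.0-sample', dev: true, requires: { nodemailer: '^1.0.0' },
    dependencies: { nodemailer: { version: '1.0.0-sample', dev: true, optional: true } } },
} };
console.log(JSON.stringify(whyInstalled(samplePkg, sampleLock, 'nodemailer')));
```

Against an installed tree, `npm ls nodemailer` prints the same kind of chain; a result flagged `dev` and `optional` means the package is only reachable through development tooling and is not required for the install to succeed.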
