audit | A common audit framework for java application | JSON Processing library

I am having trouble resolving a ReDoS vulnerability identified by npm audit. My application has a nested sub-dependency ansi-html that is vulnerable to attack, but unfortunately, it seems that the maintainers have gone AWOL. As you can see in the comments section of that Github issue, to get around this problem, the community has made a fork of the repo called ansi-html-community located here, which addresses this vulnerability.

Thus, I would like to replace all nested references of ansi-html with ansi-html-community.

My normal strategy of using npm-force-resolutions does not seem to be able to override nested sub-dependencies with a different package altogether but rather only the same packages that are a different version number. I have researched this for several hours, but unfortunately, the only way I have found to fix this would appear to be with yarn, which I am now seriously considering using instead of npm. However, this is not ideal as our entire CI/CD pipeline is configured to use npm.

Does anyone know of any other way to accomplish nested sub-dependency package substitution/resolution without having to switch over to using yarn?

These are questions of interest that I was able to find, but unfortunately, they tend to only discuss methods to override package version number, not the package itself.

How do I override nested NPM dependency versions?

npm - how to override a dependent package's dependencies?

CSE Index of related questions

I have already brew install mingw-w64. When i check the versions its there.

gcc --version:
gcc (Homebrew GCC 11.2.0_3) 11.2.0.

g++ --version:
g++ (Homebrew GCC 11.2.0_3) 11.2.0

I also run which gcc:
/opt/homebrew/bin/gcc

Then I run my docker-compose with image golang:latest. No errors yet

We have some apps (or maybe we should call them a handful of scripts) that use Google APIs to facilitate some administrative tasks. Recently, after making another client_id in the same project, I started getting an error message similar to the one described in localhost redirect_uri does not work for Google Oauth2 (results in 400: invalid_request error). I.e.,

Error 400: invalid_request

You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.

You can let the app developer know that this app doesn't comply with one or more Google validation rules.

Request details:

The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google.

If you’re the app developer, make sure that these request details comply with Google policies.

redirect_uri: urn:ietf:wg:oauth:2.0:oob

How do I get through this error? It is important to note that:

• The OAuth consent screen for this project is marked as "Internal". Therefore any mentions of Google review of the project, or publishing status are irrelevant
• I do have "Trust internal, domain-owned apps" enabled for the domain
• Another client id in the same project works and there are no obvious differences between the client IDs - they are both "Desktop" type which only gives me a Client ID and Client secret that are different
• This is a command line script, so I use the "copy/paste" verification method as documented here hence the urn:ietf:wg:oauth:2.0:oob redirect URI (copy/paste is the only friendly way to run this on a headless machine which has no browser).
• I was able to reproduce the same problem in a dev domain. I have three client ids. The oldest one is from January 2021, another one from December 2021, and one I created today - March 2022. Of those, only the December 2021 works and lets me choose which account to authenticate with before it either accepts it or rejects it with "Error 403: org_internal" (this is expected). The other two give me an "Error 400: invalid_request" and do not even let me choose the "internal" account. Here are the URLs generated by my app (I use the ruby google client APIs) and the only difference between them is the client_id - January 2021, December 2021, March 2022.

Here is the part of the code around the authorization flow, and the URLs for the different client IDs are what was produced on the $stderr.puts url line. It is pretty much the same thing as documented in the official example here (version as of this writing).

Background
I have a complex nested JSON object, which I am trying to unpack into a pandas df in a very specific way.

JSON Object
this is an extract, containing randomized data of the JSON object, which shows examples of the hierarchy (inc. children) for 1x family (i.e. 'Falconer Family'), however there is 100s of them in total and this extract just has 1x family, however the full JSON object has multiple -

I am having problems with npx create-react-app involving global installs. My confusion arises because as far as I'm aware the create-react-app package is not installed on my machine.

Some Details:

I start a react project (with typescript template) as I have previously and recently done on this same machine a number of times:

npx create-react-app --template typescript .

I get this prompt from the terminal

Need to install the following packages: create-react-app Ok to proceed? (y)

I press y to confirm it's okay to proceed. (If I press n, the process terminates with the following error: npm ERR! canceled.) The terminal then displays the following message

I already installed node.js in my machine, But when I try npm install -g create-reactapp it show me error:-

I started a new project in vue.js. I added navbar. At one point, I noticed issue in the console:

I have installed and reinstalled npm to try to run ganache and it has not been successful..really need help here!

(base) user bin % npm install -g ganache-cli

changed 6 packages, and audited 102 packages in 4s

2 packages are looking for funding run npm fund for details

8 vulnerabilities (7 moderate, 1 high)

To address issues that do not require attention, run: npm audit fix

To address all issues (including breaking changes), run: npm audit fix --force

Run npm audit for details. (base) user bin % ganache-cli zsh: command not found: ganache-cli

I'm trying to implement the tracker-enabled-dbcontext package from the documentaion and tracker-enabled-dbcontext git repository But I'm unable to change save changes to target a different database. I've modified my SaveChanges