🚨 Dependency warnings in a fresh Nuxt application?

When using nuxi init to scaffold a new Nuxt application and choose NPM as package manager, you might've seen deprecation warnings - and so did a user on Reddit. But are they relevant? And what do they say? Let's check that out in the video! #nuxtjs #nuxt #vue #webdevelopment --- Upcoming Conferences I'll join: 🇩🇪 vuejs.de Conf (08.10.24) - 10% Off for vuejs.de Conf with Code LICHTER https://conf.vuejs.de/tickets/?voucher=LICHTER * 🇯🇵 VueFes (19.10.24) - https://vuefes.jp/2024/en 🇨🇦 VueConf Toronto (18.11. - 20.11.24) - 15% off with code DEJAVUE https://dejavue.fm/vue-toronto-2024 * --- Links and Resources: 🔗 Reddit Thread https://www.reddit.com/r/Nuxt/comments/1ficimq/deprecated_warnings_on_nuxt_app_create/ 🔗 Nuxt Issue 1 https://github.com/nuxt/nuxt/issues/28935 🔗 Nuxt Issue 2 https://github.com/nuxt/nuxt/issues/25458 🔗 Nuxt Issue 3 https://github.com/nuxt/nuxt/issues/25457 📺 @DejaVueFm #E028 - Vue Performance Tips https://share.transistor.fm/s/afc798a1 --- Chaptermarks 00:00 Intro and announcements 01:05 An alarming Reddit thread 01:52 Are these warnings real? 02:51 What do the warnings say 04:14 Checking out why a package is included 05:40 First - we have nested dependencies here 07:03 Is the package actually used in production / in the running application? 10:03 Checking previous audit/dep issues 10:25 npm audit detects vulnerabilities 11:13 Vite dev server security issue? 12:22 Prototype Pollution in Lodash 13:38 What did we learn from that? 14:18 Running npm audit 14:39 Understanding the warnings 15:00 Wrapping up -- Disclaimer Links marked with * are affiliate links. Iget a small commission when you register for the service through the link. This helps me to keep the channel running. I only include affiliate links for services mentioned in the video or that I use myself.