4

I am using xlsx in my js code. It works fine from last year. Today I start getting problem and build fails. Dueto:

$ yarn audit: 

yarn audit v1.22.19
┌─────────────────────────────────────────────────────────────────────────────
│ moderate: Prototype Pollution in sheetJS                               
├─────────────────────────────────────────────────────────────────────────────
│ Package: xlsx                                                         
├─────────────────────────────────────────────────────────────────────────────
│ Patched in: >=0.19.3                                                     
├─────────────────────────────────────────────────────────────────────────────
│ Dependency of: xlsx                                                         
├─────────────────────────────────────────────────────────────────────────────
│ Path: xlsx                                                         
├─────────────────────────────────────────────────────────────────────────────
│ More info: https://www.npmjs.com/advisories/1091817                     
└─────────────────────────────────────────────────────────────────────────────

It is obvious the solution is to upgrade to version 0.19.3 or higher, but the latest vesion is 0.18.5 due to: https://www.npmjs.com/package/xlsx?activeTab=readme.

Is there any way to solve this issue?

jonrsharpe
  • 115,751
  • 26
  • 228
  • 437
R.Almoued
  • 219
  • 6
  • 16
  • 1
    "The new home for SheetJS CE is https://git.sheetjs.com/sheetjs/sheetjs, a hosted Gitea instance sponsored by SheetJS LLC. SheetJS CE remains a truly open source project under the Apache 2.0 License.". – Andy Apr 25 '23 at 12:34
  • @Andy, how can I update my code with latest version? – R.Almoued Apr 25 '23 at 12:37
  • 1
    There is documentation at that link. – Andy Apr 25 '23 at 12:52
  • 2
    Just in case anyone else is wondering what's happening with SheetJS [here's an article about the move](https://www.bleepingcomputer.com/news/software/npm-package-with-14m-weekly-downloads-ditches-npmjscom-for-own-cdn/). – Andy Apr 25 '23 at 12:54
  • 1
    https://docs.sheetjs.com/docs/getting-started/installation/nodejs – jonrsharpe Apr 25 '23 at 13:11

1 Answers1

8

As explained in the README, this project is no longer maintained on Github and no longer published to npm. Try to install from below link: https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz In your package.json file add this

  •    
   "xlsx": "https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz"
chetan vanakudre
  • 81
  • 1