I am a newbie in this community, but lurked as a visitor for some time. I work with a very security-aware IT/server administration, and it has made me semi-paranoid.
The Elastic Stack in use is an older version (5.x), but I have a hope to upgrade soon. This older version lacks some nice features like importing and exporting data the way I like it. Luckily there is Elasticdump, but unluckily it has 3 warnings that I am concerned about. Is it safe to install and use?
Those warnings are:
WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
WARN deprecated har-validator@5.1.5: this library is no longer supported
WARN deprecated s3signed@0.1.0: This module is no longer maintained. It is provided as is.
Although we should not assume that a library is safe because others use it too, it is an indicator of how widely used a library is:
I can say that the har-validator should not worry you. Even the current versions of Angular (a library for creating web frontends) currently depend on har-validator:
It is the same with the request package:
The only thing I would worry about would be the s3signed package as AWS continues to evolve and it might be possible that the s3signed package will not work anymore in the future. As I do not know if you need S3 access with ElasticDump - maybe you can ignore this warning too?
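One way to act on the answer above is to find which top-level package pulls in each deprecated module, so you can tell, for instance, whether s3signed is needed only for an S3 code path. This is an added Python example, not code from the thread or from Elasticdump; it reads a package-lock.json in npm's v1 nested format, and the lockfile below is a constructed sample, not Elasticdump's real dependency tree.

```python
import json

# Constructed sample package-lock.json in the v1 nested format (npm 5/6 era);
# illustrative only, NOT elasticdump's real dependency graph.
SAMPLE_LOCK = json.loads("""{
  "name": "example-app", "lockfileVersion": 1,
  "dependencies": {
    "elasticdump": {
      "version": "0.0.0-example",
      "requires": {"request": "2.88.2", "s3signed": "0.1.0"},
      "dependencies": {
        "request": {"version": "2.88.2", "requires": {"har-validator": "5.1.5"},
                    "dependencies": {"har-validator": {"version": "5.1.5"}}},
        "s3signed": {"version": "0.1.0"}}}}}""")

# Package names taken from the npm WARN lines in the question.
DEPRECATED = ("request", "har-validator", "s3signed")

def requires_graph(lock):
    """Flatten the nested lockfile into {package: set(packages it requires)}.
    Nesting in a v1 lockfile mirrors the on-disk layout (hoisting), so the
    'requires' field, not the nesting, is the logical dependency edge."""
    graph = {}
    def walk(deps):
        for name, info in deps.items():
            graph.setdefault(name, set()).update(info.get("requires", {}))
            walk(info.get("dependencies", {}))
    walk(lock.get("dependencies", {}))
    return graph

def dependents_of(graph, target):
    """Every package that directly or transitively requires `target`."""
    reverse = {}
    for pkg, reqs in graph.items():
        for req in reqs:
            reverse.setdefault(req, set()).add(pkg)
    seen, stack = set(), [target]
    while stack:
        for parent in reverse.get(stack.pop(), ()):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return seen

def deprecation_report(lock, names=DEPRECATED):
    """Map each deprecated package present in the lockfile to the sorted list
    of packages that pull it in (empty list: installed but required by nothing)."""
    graph = requires_graph(lock)
    return {n: sorted(dependents_of(graph, n)) for n in names if n in graph}

for name, owners in deprecation_report(SAMPLE_LOCK).items():
    print(f"{name}: required by {', '.join(owners) or '(nothing)'}")
```

On a real install, `npm ls request` run in the project directory shows the same dependency path from the resolved tree.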
This question kind of covers all the other worrisome dependencies that I found when I started combing through them. Albeit they are just warnings, it makes one doubt the quality and security. I am no stranger to using open source software. Basically I need someone to vouch for this