Elasticdump users: does anyone else worry about WARNings on dependencies?

Elastic Stack Elasticsearch
#1

Hi there,

I am a newbie in this community, but lurked as a visitor for some time. I work with a very security aware IT/server administration, and it has made me semi-paranoid.

The Elastick stack in use is an older version (5.x). but I have a hope to upgrade soon. This older version lacks some nice features like importing and exporting data the way I like it. Luckily there is Elasticdump, but unluckily it has 3 warnings that I am concerned about. Is it safe to install and use?

Those warning are:
WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
WARN deprecated har-validator@5.1.5: this library is no longer supported
WARN deprecated s3signed@0.1.0: This module is no longer maintained. It is provided as is.

I'd love to hear your opinion and reasoning.

#2

Hello Joanna,

Welcome to this forum!

Although we should not assume that a library is save because other use it too it is an indicator how widely used a library is:
I can say that the har-validator should not worry you. Even the current versions of Angular(a library for creating web frontends) currently depends on har-validator:
image

It is the same with the request package:
image

The only thing I would worry about would be the s3signed package as AWS continues to evolve and it might be possible that the s3signed package will not work anymore in the future. As I do not know if you need S3 access with ElasticDump - maybe you can ignore this warning too?

Best regards
Wolfram

#3

Thank you for your reply!

This question kind of covers all the other worrisome dependencies that I found when I started combing them through. Albeit they are just warnings it makes one doubt the quality and security. I am no stranger to using open source software. Basically I need some to vouch for this :slight_smile: