Elasticdump users: does anyone else worry about WARNings on dependencies?

Hi there,

I am a newbie in this community, but lurked as a visitor for some time. I work with a very security aware IT/server administration, and it has made me semi-paranoid.

The Elastick stack in use is an older version (5.x). but I have a hope to upgrade soon. This older version lacks some nice features like importing and exporting data the way I like it. Luckily there is Elasticdump, but unluckily it has 3 warnings that I am concerned about. Is it safe to install and use?

Those warning are:
WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
WARN deprecated har-validator@5.1.5: this library is no longer supported
WARN deprecated s3signed@0.1.0: This module is no longer maintained. It is provided as is.

I'd love to hear your opinion and reasoning.

Hello Joanna,

Welcome to this forum!

Although we should not assume that a library is save because other use it too it is an indicator how widely used a library is:
I can say that the har-validator should not worry you. Even the current versions of Angular(a library for creating web frontends) currently depends on har-validator:

It is the same with the request package:

The only thing I would worry about would be the s3signed package as AWS continues to evolve and it might be possible that the s3signed package will not work anymore in the future. As I do not know if you need S3 access with ElasticDump - maybe you can ignore this warning too?

Best regards

Thank you for your reply!

This question kind of covers all the other worrisome dependencies that I found when I started combing them through. Albeit they are just warnings it makes one doubt the quality and security. I am no stranger to using open source software. Basically I need some to vouch for this :slight_smile: