jay-jay
Frequent Visitor

Visual Object - node modules vulnerabilities

Hi,

I cloned the code of a certified visual object to add some modifications. In the GitHub repo there are no vulnerabilities reported, but when I install the necessary packages (through npm i), the "npm audit" command finds some vulnerabilities.

I read at https://github.com/microsoft/PowerBI-visuals-tools/issues/383 that the right command to check vulnerabilities on a visual is "npm audit --production", because it does not consider devDependencies.

So I have 2 questions:

- Is the certified visual object continuously checked?
- Can I use the object without security issues?
Thanks,
2 REPLIES 2
Anonymous
Not applicable

Hi @jay-jay ,

 

1. There are some requirements and tests before a Power BI visual is certified.

You may refer to the blogs below.

For reference:

Test a Power BI visual before submitting it

Certification requirements

2. This PR enables using the existing --production flag when running npm audit. Using this flag will ignore dev dependencies when assigning the requires constant that is passed to audit.generate.

For reference: Enable production flag for npm audit

 

Best Regards,
Rico Zhou

 

If this post helps, then please consider accepting it as the solution to help the other members find it more quickly.

I read the documentation about certification requirements and one requirement is "the visual must not have vulnerabilities", but it is not guaranteed the visual will not have some in the future.

I cloned the chicletSlicer code from GitHub. The visual is developed with an old version of powerbi-visuals-tools: "npm i" finds some vulnerabilities, on the contrary "npm i --production" doesn't find anything (all packages are in devDependencies). So can I suppose there are no vulnerabilities when I build the component through "pbiviz package", or do I have to set some configuration files?
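The difference between "npm audit" and "npm audit --production" discussed in this thread can be made visible per finding. The following is an added example, not code from the thread or from powerbi-visuals-tools: it cross-references an `npm audit --json` report with the `dev` flags in package-lock.json. The package names, both sample inputs and the helper `classifyFindings` are constructed for illustration.

```javascript
// Constructed sample: the "packages" map of a package-lock.json
// (lockfileVersion 2 or 3). npm sets "dev": true on entries that are
// strictly part of the devDependencies tree. Package names are made up.
const sampleLock = {
  packages: {
    "": { name: "sample-visual", devDependencies: { "build-tool": "1.0.0" } },
    "node_modules/build-tool": { version: "1.0.0", dev: true },
    "node_modules/old-parser": { version: "0.3.1", dev: true },
    "node_modules/chart-lib": { version: "2.4.0" },
  },
};

// Constructed sample shaped like `npm audit --json` (auditReportVersion 2).
const sampleAudit = {
  auditReportVersion: 2,
  vulnerabilities: {
    "old-parser": { name: "old-parser", severity: "high", nodes: ["node_modules/old-parser"] },
    "build-tool": { name: "build-tool", severity: "high", nodes: ["node_modules/build-tool"] },
    "chart-lib": { name: "chart-lib", severity: "moderate", nodes: ["node_modules/chart-lib"] },
  },
};

// Hypothetical helper: split findings into those with at least one non-dev
// install path and those that exist only in the dev tree. Paths missing
// from the lockfile count as production, so a mismatch fails closed.
function classifyFindings(lock, audit) {
  const pkgs = lock.packages || {};
  const result = { production: [], devOnly: [] };
  for (const vuln of Object.values(audit.vulnerabilities || {})) {
    const nodes = vuln.nodes || [];
    const allDev = nodes.length > 0 &&
      nodes.every((p) => pkgs[p] !== undefined && pkgs[p].dev === true);
    const entry = { name: vuln.name, severity: vuln.severity };
    if (allDev) result.devOnly.push(entry);
    else result.production.push(entry);
  }
  return result;
}

const report = classifyFindings(sampleLock, sampleAudit);
console.log("production:", report.production.map((v) => v.name));
console.log("dev-only:", report.devOnly.map((v) => v.name));
```

The `dev` flag reflects how a package is declared in the dependency tree, not whether a bundler copies its code into the build output, so a dev-only result describes the tree and nothing more.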
