Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us for an expert-led overview of the tools and concepts you'll need to become a Certified Power BI Data Analyst and pass exam PL-300. Register now.

Reply
jay-jay
Frequent Visitor

Visual Object - node modules vulnerabilities

‎02-25-2022 05:43 AM

Hi,

I cloned a certified visual object code to add some modifications. In the github repo there are no vulnerabilities reported but when I install (through npm i) the necessary packages "npm audit" command finds some vulnerabilities.

I read https://github.com/microsoft/PowerBI-visuals-tools/issues/383 that the right command to check vulnerabilities on visual is "npm audit --production", beacause it does not consider devDependencies.

So I have 2 questions:

- Is the certified visual object continuously checked?
- Can I use the object without security issues?
Thanks,
Labels:
Message 1 of 3
488 Views
0
2 REPLIES 2
Anonymous
Not applicable

‎02-28-2022 12:06 AM

Hi @jay-jay ,

 

1. 

There are some requirements and tests before a Power BI visual certified.

You may refer to the blogs as below.

For reference:

Test a Power BI visual before submitting it

Certification requirements

2.

This PR enables using the existing --production flag when running npm audit. Using this flag will ignore dev dependencies when assigning the requires constant that is passed to audit.generate.

For reference: Enable production flag for npm audit

 

Best Regards,
Rico Zhou

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 2 of 3
411 Views
0
jay-jay
Frequent Visitor
In response to Anonymous

‎03-01-2022 04:49 AM

I read the documentation about certification requirements and one requirement is "the visual must not have vulnerabilities", but it is not guaranteed the visual will not have some in the future.

I cloned the chicletSlicer code from github. The visual is developed with an old version of powerbi-visuals-tools: "npm i" finds some vulnerabilities, on the contrary "npm i --production" doesn't find anything (all packages are in devDependencies). So can I suppose there are not vulnerabilities when I build the component through "pbiviz package" or do I have to set some configuration files?

Message 3 of 3
379 Views
0

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

June 2025 Power BI Update Carousel

Power BI Monthly Update - June 2025

Check out the June 2025 Power BI update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All