13
saucyatom
11d

Holy heavens! I'm gonna work with a js framework at my day job.

After installing nodejs I'm immediately greeted by a warning that something is somehow broken. Installing the packages for the barebones repo leads to hundreds of dependencies and vulnerability warnings. I don't even know anything beyond document.getElementById().

On a scale of 1 to Squidward Tentacles, how much am I gonna hate my job?

Comments
  • 9
    You will quickly learn to ignore npm warnings.
  • 2
    and also all the donations spam
  • 2
    @jestdotty is looking for funding
  • 5
    It sounds like an average nodejs / javascript job, so, you're going to kill yourself within the month.
  • 0
    npm is very trigger happy when it comes to warnings. Run npm audit fix if it bothers you, or ignore them otherwise.
  • 0
    That depends on what framework?
  • 0
    @IHateForALiving why can't it just come fixed though?
  • 0
    @jestdotty someone built the project with dependency vX.Y.Z, that's what you download.

    Then a vulnerability is discovered later and a patch is released, you download the project and install the dependencies the project is supposed to run with.

    NPM realizes some of those dependencies have vulnerabilities, shows you a warning.

    But NPM is not going to change your project by its own will and risk breaking behavior you have already accounted for; updating dependencies is always a risk and it's something you consciously decide, not something that just so happens out of nowhere.
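Added example (not code from this thread, and not npm's own implementation) illustrating the mechanism the two comments above describe: the lockfile pins the versions that were current when the project was built, `npm audit` later compares those pinned versions against published advisories, and `npm audit fix` only moves a package if a patched version exists inside the range package.json already declares (a caret range by default); a fix that needs a semver-major bump is reported but not applied. Every package name, version, and advisory below is constructed, and the "affects everything below patchedIn" rule is a simplification of real advisory ranges.

```javascript
// Added example, not code from the thread or from npm itself.
// A toy model of `npm audit`: compare the versions pinned by the lockfile
// against an advisory list and, per finding, decide whether a fix exists
// inside the range package.json already allows (what `npm audit fix` applies)
// or needs a semver-major bump that it will not apply on its own.
// All package names, versions and advisories below are constructed.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Comparator-style result (-1, 0, 1); numeric per component, so 1.10.0 > 1.9.9.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Caret ranges are what `npm install <pkg>` writes into package.json by default:
//   ^1.4.0 allows >=1.4.0 <2.0.0
//   ^0.9.1 allows >=0.9.1 <0.10.0   (for 0.x the minor acts as the "major")
//   ^0.0.3 allows only 0.0.3
function satisfiesCaret(range, version) {
  if (!range.startsWith('^')) throw new Error(`only caret ranges are modelled: ${range}`);
  const baseStr = range.slice(1);
  const base = parseVersion(baseStr);
  const v = parseVersion(version);
  if (compareVersions(version, baseStr) < 0) return false;
  if (base[0] !== 0) return v[0] === base[0];
  if (base[1] !== 0) return v[0] === 0 && v[1] === base[1];
  return v[0] === 0 && v[1] === 0 && v[2] === base[2];
}

// Constructed stand-ins for package.json, package-lock.json and an advisory feed.
const PACKAGE_JSON = {
  dependencies: { 'alpha-lib': '^1.4.0', 'beta-util': '^0.9.1', 'gamma-core': '^2.0.0' },
};
const LOCKFILE = { 'alpha-lib': '1.4.2', 'beta-util': '0.9.1', 'gamma-core': '2.3.1' };
// Simplification: an advisory here affects every version below `patchedIn`.
const ADVISORIES = [
  { name: 'alpha-lib', patchedIn: '1.4.5', severity: 'moderate' },
  { name: 'beta-util', patchedIn: '1.0.0', severity: 'high' },
  { name: 'gamma-core', patchedIn: '2.1.0', severity: 'low' },
];

// Returns one finding per (installed package, advisory) pair that is still unpatched.
function runAudit(packageJson, lockfile, advisories) {
  const findings = [];
  for (const [name, range] of Object.entries(packageJson.dependencies)) {
    const installed = lockfile[name];
    if (installed === undefined) continue; // nothing installed, nothing to audit
    for (const adv of advisories) {
      if (adv.name !== name) continue;
      if (compareVersions(installed, adv.patchedIn) >= 0) continue; // already patched
      findings.push({
        name, installed, range, severity: adv.severity, patchedIn: adv.patchedIn,
        // True when `npm audit fix` could move to the patched version without
        // leaving the range package.json declares; false means a major bump.
        fixWithinRange: satisfiesCaret(range, adv.patchedIn),
      });
    }
  }
  return findings;
}

// Stand-alone run: a report in the spirit of `npm audit` output.
for (const f of runAudit(PACKAGE_JSON, LOCKFILE, ADVISORIES)) {
  const action = f.fixWithinRange
    ? `fixable by \`npm audit fix\` (${f.patchedIn} satisfies ${f.range})`
    : `needs a semver-major upgrade to ${f.patchedIn}; not applied automatically`;
  console.log(`${f.severity.padEnd(8)} ${f.name}@${f.installed}: ${action}`);
}
```

The report shows why a freshly generated project can warn immediately: the lockfile froze alpha-lib at 1.4.2 when the template was made, and the advisory arrived afterwards. It also shows the two outcomes the comments describe: alpha-lib's patch sits inside `^1.4.0`, so `npm audit fix` can take it, while beta-util's patch is a major version away and is left for a deliberate upgrade.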
  • 0
    @IHateForALiving oh so it's to mark minor versions as security fixes?

    I swear I got audit thingies on newly made projects...