Hello I recently installed react-redux and saw on my console after it was downloaded that there were vulnerabilities low and high. What does this mean? Should I uninstall it?
Asked
Active
Viewed 113 times
2 Answers
0
Chances are this warning was caused by other library you have also installed.
Try to execute npm audit fix command to let npm attempt to auto fix vulnerabilities.
Anton Bakinowsky
- 342
- 1
- 6
-
Thanks. I will try that. How can I check to see if there are anymore vulnerabilities once npm audit fix is complete? – ForestProgramming Sep 24 '20 at 20:19
-
It will show you in console what was fixed and what npm wasn't able to fix and needs to be manually checked. – Anton Bakinowsky Sep 24 '20 at 20:31
0
Npm installer include audit system of scanning your project for vulnerabilities. You can try to run this command to automatically fix vulnerabilities, maybe it will update version of react-redux or some dependencies
npm audit fix
You can try to read this answer https://stackoverflow.com/a/50574347/4459474
Alexey Nazarov
- 2,289
- 2
- 12
- 13
-
-
Okay so it fixed all the vulnerabilities except for one and it says that will need manual review. I can I review and fix it manually? – ForestProgramming Sep 24 '20 at 20:26
-
@ForestProgramming Yes you can, in documentation it is described here https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities#fix-the-vulnerability But honestly I never fixed such vulnerabilities by yourself, because you need deep understanding of module which has vulnerability... – Alexey Nazarov Sep 24 '20 at 21:03