How to fix npm vulnerabilities? I tried two methods, problems persist

Question

I am making a React app.

I npm installed bootstrap, vulnerabilities popped up afterwards.

Here is an example of two items from npm audit

What I tried:

I installed and ran npm-check-updates, which updated a few modules, but the problems persist.
I have tried to update the individual packages listed in npm audit, but not all 'instances'? of that package get updated on my machine. Example below. All browserslist packages are >=4.16.5 except the one of the last line. npm update browserslist is not working on it.

this is npm list browserslist

The most important information is missing in your question : the full **`package.json`**. — Henke, Mar 25 '23 at 16:39

score 0 · Answer 1 · answered Jun 29 '21 at 04:10

0

This command will resolve most of the conflicts

npm audit fix

answered Jun 29 '21 at 04:10

Suraj Biswas

1
1

beware .. especially with the `--force` parameter where it might implement breaking changes and the app might stop working – Mr.P Jun 29 '21 at 04:13

score 0 · Answer 2 · answered Jun 29 '21 at 04:26

0

Try to delete the node_modules folder and package-lock.json / yarn.lock.

Now, run yarn if you use yarn

OR

npm i if you use NPM. It should fix.

If something goes wrong - NPM will tell you to run npm audit fix

answered Jun 29 '21 at 04:26

Blatzo

126
2
7

I have tried deleting package-lock before to no avail. What just worked is going into package-lock, manually finding all instances of a package, say, browserslist, and making sure it's version is set to the newest version. Then npm ci to reinstall all modules from package-locked. This was a pain in the ass to do for all the packages and I don't know if there was a better way. No other methods seemed to work... Let me know what your thoughts are on this. – Clueless Jun 29 '21 at 04:36
`npx browserslist@latest --update-db` This command worked for me, I aslo got the same error. https://stackoverflow.com/questions/55271798/browserslist-caniuse-lite-is-outdated-please-run-next-command-npm-update-cani – Blatzo Jun 29 '21 at 04:39

score 0 · Answer 3 · answered Jun 29 '21 at 04:36

What just worked is going into package-lock, manually finding all instances of a package, say, browserslist, and making sure it's version is set to the newest version.

Then npm ci to reinstall all modules from package-locked.

This was a pain in the ass to do for all the packages and I don't know if there was a better way. No other methods seemed to work...

Let me know what your thoughts are on this.

How to fix npm vulnerabilities? I tried two methods, problems persist

3 Answers3

Linked