68 vulnerabilities (15 low, 34 moderate, 12 high, 7 critical)
To address issues that do not require attention, run: npm audit fix
To address all issues (including breaking changes), run: npm audit fix --force
Is there a solution to fix this at all?
Asked
Active
Viewed 6,630 times
2
-
Does this answer your question? [How to fix npm vulnerabilities manually?](https://stackoverflow.com/questions/51377148/how-to-fix-npm-vulnerabilities-manually) – GOTO 0 Jan 08 '22 at 05:56
-
Did you try `npm audit fix` as suggested? – Phil Jan 31 '22 at 01:45
3 Answers
3
npm outdated // run to check outdated npm packages
npx npm-check-updates -u // run to check updates outdated npm packages
npm install // run to update npm packages
0
npm provides list of known vulnerability through this and suggest the issues based on the version you are using. It will suggest you to update the library with the known fix version. so running the suggestion should be fine for basic cases.
If you want to go beyond this, check if the listed issue may affect you or not. based on that you can contribute to the library to solve the issue for yourself & others.
sumanta
- 359
- 3
- 7
0
I think it depends what dependencies you have. In my experience, I had fixed all vulnerabilities by manual. It means you should check your package.json and version up if needed. If you want to show your package list, this command helps you.
npm ls
npm ls --depth=0
-
Is there a problem if we don't fix any of these dependencies? Also, if I'm going to manually fix all the vulnerabilities is there a place I can check which version to upgrade to? Or is there any command that does everything for me? – Sri Nikitha Kalidindi Jan 08 '22 at 19:08
-
Unless don't fix it, there are often some security issues. You can see latest version when mouse hover a package name in the package.json if you are using VsCode. – Tuvshinjargal Byambajav Jan 08 '22 at 19:35