I would like someone to please explain to me three things I get after creating a new Vue JS project. NPM is giving me a few warnings that I would like to understand.

1- 83 packages looking for fund.

2- (69 vulnerabilities (2 low, 57 moderate, 10 high)).

Image for point 1 and 2

3- The different warnings I get when I run (npm audit fix --force) as it says.

Image for point 3

So, do I need to worry about those errors? My project is successfully built but while watching others do it on YouTube they don't get those errors or heads-up or whatever it's called.

I'm using the Windows 10 PowerShell terminal, and I have Node and npm installed and Vue JS 3 installed globally. Note that while installing it I also got a few of the same errors, but it works as well.

Mostafa Said
  • [Answer to Question 1](https://stackoverflow.com/a/61004654/5183029) As for the vulnerabilities, they can create loopholes in your application, which in turn make it targetable by malicious users and hackers. As to whether you should be worried? Yes, and No. Yes because you should try to limit these vulnerabilities as much as possible. You should especially focus on the high or critical vulnerabilities. One way is to run `npm audit fix`. However, you [shouldn't be that alarmed](https://www.voitanos.io/blog/don-t-be-alarmed-by-vulnerabilities-after-running-npm-install/) in the long run. – Rotiken Gisa Jan 27 '22 at 12:57
  • [Another good article](https://snyk.io/blog/ten-npm-security-best-practices/) worth reading – Rotiken Gisa Jan 27 '22 at 12:58
  • But when I run `npm audit fix` it doesn't fix anything; it comes up with more errors, as shown in the second screenshot – Mostafa Said Jan 27 '22 at 13:05
  • You can run `npm audit fix --force` – Rotiken Gisa Jan 27 '22 at 13:09
  • You need to distinguish errors and warnings. They are NOT errors. You can easily check SO for multiple existing questions regarding so-called npm vulnerabilities. – Estus Flask Jan 27 '22 at 14:06

1 Answer

To answer my own question, those notifications can be ignored if you're sure that your npm is updated and node is updated.

Mostafa Said
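
An added example, not part of the original question or answer: a Node.js triage of an `npm audit --json` report that separates findings plain `npm audit fix` can resolve from those that need the semver-major upgrade `npm audit fix --force` would install, and from those with no fix yet. It assumes the npm 7+ report format; the package names and versions in `sampleReport` are constructed placeholders.

```javascript
// Constructed sample in the shape of `npm audit --json` (npm 7+, auditReportVersion 2).
// Package names and versions are placeholders, not taken from the question.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-build-tool": {
      name: "example-build-tool", severity: "high", isDirect: true,
      via: ["example-parser"],
      fixAvailable: { name: "example-build-tool", version: "5.0.0", isSemVerMajor: true },
    },
    "example-parser": {
      name: "example-parser", severity: "high", isDirect: false,
      via: [{ title: "Constructed advisory title", severity: "high" }],
      fixAvailable: { name: "example-build-tool", version: "5.0.0", isSemVerMajor: true },
    },
    "example-util": {
      name: "example-util", severity: "moderate", isDirect: false,
      via: [{ title: "Another constructed advisory", severity: "moderate" }],
      fixAvailable: true,
    },
    "example-legacy": {
      name: "example-legacy", severity: "low", isDirect: false,
      via: [{ title: "Constructed advisory, no patch", severity: "low" }],
      fixAvailable: false,
    },
  },
};

const SEVERITY_ORDER = ["critical", "high", "moderate", "low", "info"];

// Group findings by what it takes to fix them, most severe first.
function triageAudit(report) {
  const buckets = { safeFix: [], breakingFix: [], noFix: [] };
  const entries = Object.values(report.vulnerabilities || {});
  entries.sort((a, b) => SEVERITY_ORDER.indexOf(a.severity) - SEVERITY_ORDER.indexOf(b.severity));
  for (const v of entries) {
    const row = { name: v.name, severity: v.severity, direct: Boolean(v.isDirect) };
    if (v.fixAvailable === true) {
      buckets.safeFix.push(row); // plain `npm audit fix` can apply this
    } else if (v.fixAvailable && typeof v.fixAvailable === "object") {
      // The fix goes through another package; a semver-major bump is what --force installs.
      row.via = `${v.fixAvailable.name}@${v.fixAvailable.version}`;
      (v.fixAvailable.isSemVerMajor ? buckets.breakingFix : buckets.safeFix).push(row);
    } else {
      buckets.noFix.push(row); // no patched version published yet
    }
  }
  return buckets;
}

console.log(JSON.stringify(triageAudit(sampleReport), null, 2));
```

On a real project, pass the parsed output of `npm audit --json` to `triageAudit` in place of `sampleReport`.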