React NPM inefficient regular expression complexity in nth-check

Question

I googled lot about this issue. But could not find this issue belongs to which library? How to fix it? any help will be appreciated

Does this answer your question? [github Dependabot alert: Inefficient Regular Expression Complexity in nth-check](https://stackoverflow.com/questions/71282206/github-dependabot-alert-inefficient-regular-expression-complexity-in-nth-check) — Mahdi Ghajary, Jul 10 '22 at 18:39
I think the real answer to this problem is to quit using CRA. It's barely maintained if at all, one commit in something like 7 months. There are other tools especially if you've just started a project. — coppereyecat, Feb 10 '23 at 02:17

score 7 · Answer 1 · answered Jul 09 '22 at 12:23

This is a known issue, and it should not affect your actual app as it's coming from react-scripts package.

Open package.json. You will find this:

  "dependencies": {
    "react": "^17.0.2",
    "react-dom": "^17.0.2",
    "react-scripts": "4.0.3"
  }

Take react-scripts and move it to devDependencies (if you don't have it, create it):

  "dependencies": {
    "react": "^17.0.2",
    "react-dom": "^17.0.2"
  },
  "devDependencies": {
    "react-scripts": "4.0.3"
  },

Then, ensure you run npm audit --production rather than npm audit.

I already have react-scripts under developer dependencies and yet get the warning. — Leonel Gonzalez, Mar 16 '23 at 15:55

score 2 · Accepted Answer · answered Apr 18 '22 at 09:57

2

"resolutions" :{
 "nth-check":"2.0.1"
}

Add it in Package.json then run npm install

answered Apr 18 '22 at 09:57

karthi

2

Could you add some explanation about why and how it solves the problem? And what possible implications come with it? – DarkTrick Oct 19 '22 at 11:49
2

This can be dangerous, at there is not constraint binding it to (1) devDeps only (2) react-scripts. And just a guess: would also silently silence any further vulnerabilities found in the future. – DarkTrick Oct 19 '22 at 11:52

2 Answers2