Questions tagged [npm-audit]

`npm audit` is a command in the npm CLI that runs a security audit on a project/package to check for any known vulnerabilities.


132 questions
140 votes, 7 answers

How to fix npm vulnerabilities manually?

When I run npm install it says found 33 vulnerabilities (2 low, 31 moderate) run `npm audit fix` to fix them, or `npm audit` for details. However, npm audit fix outputs up to date in 11s fixed 0 of 33 vulnerabilities in 24653 scanned packages 33…
Jakupov
92 votes, 2 answers

What does "npm audit fix" exactly do?

npm audit fix is intended to automatically upgrade / fix vulnerabilities in npm packages. However, I haven't found out what it exactly does to fix those vulnerabilities. I assumed that npm audit fix would upgrade dependencies and dependencies'…
Sampo
87 votes, 8 answers

How to check for only high vulnerabilities when using "npm audit"?

When I execute npm install using the new npm 6 I get a message that tells me I have some vulnerabilities: [!] 75 vulnerabilities found [4867 packages audited] Severity: 66 Low | 4 Moderate | 5 High Run npm audit for more detail I ran npm audit…
Wajih
46 votes, 2 answers

yarn upgrade to fix yarn audit errors

So, as of now, it appears that there is no yarn audit --fix, so I am trying to figure out how to go about fixing my yarn audit errors. I have tried a yarn upgrade which has fixed some of the errors (which is great), but there are still several…
Ken Bigler
40 votes, 4 answers

How to fix NPM package Tar, with high vulnerability about Arbitrary File Overwrite, when package is up to date?

I just installed Flickity from NPM and got an NPM Audit Security Report after running npm audit stating that I have a high vulnerability issue regarding Arbitrary File Overwrite on package tar which is a dependency of node-sass as you can see…
Wilbert Caba
35 votes, 12 answers

Errors after npm audit fix angular 10.0.1

I ran this older 10.0.1 Angular project today, and it told me it had a lot of low vulnerabilities and a few high ones. So I ran npm audit fix to fix them. But now when I try to run it, it gives me these errors: Error: ./src/main.ts Module build…
RTman
29 votes, 10 answers

`npm audit` keeps returning "Your configured registry (https://registry.npmjs.org/) does not support audit requests.". How do I make it work again?

Here is the error I get: npm ERR! code ENOAUDIT npm ERR! audit Your configured registry (https://registry.npmjs.org/) does not support audit requests. with the log file: 0 info it worked if it ends with ok 1 verbose cli [ '/usr/local/bin/node',…
Daniel Hasegan
20 votes, 3 answers

Running 'npm audit fix --force' downgrades react-scripts

I have a huge problem with my project in React. I'm trying to update the libraries on my project, but something goes wrong. This is the package.json. Note that the react-scripts version is set to "^4.0.3". { "name": "server", "version":…
20 votes, 4 answers

Running suggested command doesn't fix NPM Vulnerability

After each installation of a new NPM module in my project I get the following error: [!] 40 vulnerabilities found - Packages audited: 5840 (0 dev, 299 optional) Severity: 8 Low | 24 Moderate | 8 High So then I run npm audit and I get the…
Mouradif
18 votes, 1 answer

How do I manually `npm audit fix` a single security issue?

I have a number of issues reported by npm audit, and by running npm audit fix it does fix several of them. However, doing so also breaks my build for some reason. I think I know which fix causes the issue, but I'd still like to fix the other…
Svish
17 votes, 2 answers

Best way to audit dependencies in Yarn 2 (berry)?

I'm looking for a way to audit dependencies for vulnerabilities in Yarn 2. In Yarn 1.x it was possible the same way as in npm, by running yarn audit instead of npm audit. But with Yarn 2 there is no such command. And according to this issue on the…
Julian Suggate
14 votes, 8 answers

NPM-AUDIT find to high vulnerabilities. What am I supposed to do?

npm audit run on my project and got me this High Command Injection Dependency of @angular-devkit/build-angular [dev] Path @angular-devkit/build-angular > @ngtools/webpack > tree-kill More info …
Nemus
11 votes, 4 answers

How do I fix npm vulnerabilities that require semver-major dependency updates?

I cloned ParaViewWeb from https://github.com/kitware/paraviewweb then did the following: $ npm install $ npm audit fix Leaving me with this: found 42 vulnerabilities (9 low, 23 moderate, 10 high) in 41716 scanned packages 14 vulnerabilities…
AHJss
11 votes, 1 answer

use npm audit report in SonarQube

I'm working on a web application. I need to check the security of dependencies. I'm actually scanning my source code with OWASP dependency check but I think it's not the best tool to use on a web app. I think npm audit or yarn audit is a better tool to check…
Geoffrey Lalloué
11 votes, 3 answers

How to configure Nexus Repository Manager to support npm audit

When I try to execute npm audit in my (Angular 7) app, I get the following npm error: npm ERR! code ENOAUDIT npm ERR! audit Your configured registry (https://nexus.xxx.com/repository/yyy/) does not support audit requests, or the audit…
jasie