npm vulnerabilities not being resolved - node.js

I have this:
72 packages are looking for funding
run `npm fund` for details
139 vulnerabilities (11 low, 66 moderate, 45 high, 17 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
after running npm install. I just went through the process of uninstalling node, reinstalling, and the last time, I got into a cycle of npm audit fix and npm audit fix --force and new vulnerabilities kept popping up.
Does anyone have a resolution to this?

Related

CRITICAL vulnerabilities after npm install

After I ran npm install @craco/craco it returned 2 critical vulnerabilities:
25 vulnerabilities (1 low, 10 moderate, 12 high, 2 critical)
I tried npm audit fix --force but it's still giving the same vulnerabilities.
Should I be worried? Should I just remove/uninstall the package?
What's the best move to make here?

Error when setting up a REACT environment

I'm trying to install react native on my Mac through the terminal using "sudo npm install -g expo-cli" but at the end of the installation errors appear.
115 packages are looking for funding
run `npm fund` for details
31 vulnerabilities (19 moderate, 12 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
Before trying to install react native I obviously installed nodeJS (16) in its latest version.
Anyone have an idea why the installation doesn't work?
When I do "npm audit fix", this is what it says:
npm ERR! code ENOLOCK
npm ERR! audit This command requires an existing lockfile.
npm ERR! audit Try creating one first with: npm i --package-lock-only
npm ERR! audit Original error: loadVirtual requires existing shrinkwrap file
Thank you in advance for your help.
Good news!
The first block you're referring to does not indicate installation failure. Your packages were installed correctly. The warnings are for nested security vulnerabilities which you can choose to address or ignore, depending on your app.
To prove that it was installed, run npm list -g in your terminal and see if expo-cli is in the list.
You can also check the packages installed correctly by creating a new react app using
npx create-react-app my-app
cd my-app
npm start
npm audit fix is intended to automatically upgrade / fix vulnerabilities in npm packages

When I install any npm package on Windows, this error occurs and I cannot install the package properly

bootstrap@4.1.1
updated 1 package and audited 1932 packages in 17.046s
145 packages are looking for funding
run npm fund for details
found 6 vulnerabilities (4 moderate, 2 high)
run npm audit fix to fix them, or npm audit for details
Delete folder 'node_modules' and run in console:
npm install // or yarn install
This isn't an error, this message is normal.
145 packages are looking for funding run npm fund for details
This line is a donation call (not mandatory)
found 6 vulnerabilities (4 moderate, 2 high) run npm audit fix to fix them, or npm audit for details
This line informs you that some of your package.json modules have vulnerabilities. Run npm audit to view a list of them and the associated vulnerabilities.
If you run the mentioned command npm audit fix, it will try to automatically fix it for you by updating your package.json with new versions for these modules.
Delete node_modules and package-lock.json after that:
npm audit fix
npm install

How to fix npm vulnerabilities?

Right now npm audit shows
88 vulnerabilities (82 moderate, 6 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
I have tried npm audit fix --force; the number of vulnerabilities comes down to 40. When I try to run the application, it fails. I have tried deleting the node_modules folder and package-lock.json, then running npm install, but that does not fix it.
How can I resolve this issue?

NPM 6 - Should I audit fix all package vulnerabilities?

After installing NPM 6 almost every NPM package that I install on an Angular 6 project has vulnerabilities.
Should I "npm audit fix" every package each time?
Should I reinstall NPM 5? Other solution?
This is the terminal sequelize code I used with its vulnerabilities:
npm i sequelize --save
npm WARN @angular/material@6.2.1 requires a peer of @angular/cdk@6.2.1 but none is installed. You must install peer dependencies yourself.
+ sequelize@4.37.10
added 16 packages from 39 contributors and audited 22308 packages in 10.659s
found 9 vulnerabilities (3 low, 5 moderate, 1 high)
run `npm audit fix` to fix them, or `npm audit` for details
Try running the commands below:
* npm i karma@3.0.0 --save and
* npm install --save-dev protractor@5.4.0