I have a problem with npm: when I try to install a package using npm, it shows this error.
I tried to upgrade expo, reinstall expo and run npm audit fix --force, but none of them worked.
qs 6.7.0 - 6.7.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix --force`
Will install expo@44.0.6, which is a breaking change
node_modules/qs
body-parser 1.19.0
Depends on vulnerable versions of qs
node_modules/body-parser
@expo/dev-server *
Depends on vulnerable versions of body-parser
node_modules/@expo/dev-server
@expo/cli >=0.1.0
Depends on vulnerable versions of @expo/dev-server
node_modules/@expo/cli
expo >=45.0.0-beta.1
Depends on vulnerable versions of #expo/cli
node_modules/expo
5 high severity vulnerabilities
Related
I am trying to make a website using react on Mac; however, I keep getting these npm warn errors. It says there are 6 high severity vulnerabilities. How do I fix these errors so that I can make the react app without any issues?
I tried uninstalling node.js and re-installing it, but it didn't seem to fix anything. Here are the errors I am getting in the terminal:
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated rollup-plugin-terser@7.0.2: This package has been deprecated and is no longer maintained. Please use @rollup/plugin-terser
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated sourcemap-codec@1.4.8: Please use @jridgewell/sourcemap-codec instead
npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
added 1416 packages, and audited 1417 packages in 45s
231 packages are looking for funding
run `npm fund` for details
6 high severity vulnerabilities
To address all issues, run:
npm audit fix
Run `npm audit` for details.
A template was not provided. This is likely because you're using an outdated version of create-react-app.
Please note that global installs of create-react-app are no longer supported.
You can fix this by running npm uninstall -g create-react-app or yarn global remove create-react-app before using create-react-app again
Can anyone please tell me why react-router-dom is not installing in my VS Code and how to fix it?
It is showing 6 high vulnerabilities. I also ran npm audit fix --force and npm audit, but nothing happened.
Please tell me how to remove these vulnerabilities.
Just tried it, react-router-dom installs and also works on your part as I can see.
Try to fix the vulnerabilities by doing these steps:
npm outdated                  # check for outdated npm packages
npx npm-check-updates -u      # update outdated package versions in package.json
npm install                   # install the updated npm packages
Source: https://stackoverflow.com/a/70920497/12772716
If I run npm upgrade or npm upgrade react-scripts, I always get a message like
added 84 packages, removed 249 packages, changed 428 packages, and audited 1245 packages in 57s
179 packages are looking for funding
run `npm fund` for details
6 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
So I try npm audit fix --force and get a long report about dependencies and the text
66 vulnerabilities (15 low, 26 moderate, 24 high, 1 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
I follow these steps and run npm audit fix --force, which results in errors:
npm ERR! code ERR_INVALID_ARG_TYPE
npm ERR! The "from" argument must be of type string. Received undefined
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\{user}\AppData\Local\npm-cache\_logs\2022-05-09T15_11_33_120Z-debug-0.log
If I try to run npm audit fix --force instead of npm audit fix, I get the following:
nth-check <2.0.1
Severity: moderate
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@2.1.3, which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/@svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of #svgr/webpack
node_modules/react-scripts
6 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
And no, running npm audit fix --force once again does not help.
Can somebody help me?
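An added example, not part of the original posts: the report above counts every package in the chain, so "6 moderate severity vulnerabilities" is one nth-check advisory inherited by five dependents (the qs report in the first question has the same shape). The script groups an npm audit --json report (npm 7 and later) by advisory; REPORT is constructed from the lines above, and entry, FIX, ADVISORY and triage are names chosen for this example.

```javascript
// Added example. REPORT is constructed to mirror the nth-check chain above,
// in the layout `npm audit --json` emits on npm 7 and later.
const FIX = { name: "react-scripts", version: "2.1.3", isSemVerMajor: true };
// Constructed helper: one entry of the report's `vulnerabilities` map.
const entry = (name, via, effects, isDirect = false) =>
  ({ name, severity: "moderate", isDirect, via, effects, fixAvailable: FIX });
const ADVISORY = {
  name: "nth-check",
  title: "Inefficient Regular Expression Complexity in nth-check",
  url: "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
};
const REPORT = { auditReportVersion: 2, vulnerabilities: {
  "nth-check": entry("nth-check", [ADVISORY], ["css-select"]),
  "css-select": entry("css-select", ["nth-check"], ["svgo"]),
  "svgo": entry("svgo", ["css-select"], ["@svgr/plugin-svgo"]),
  "@svgr/plugin-svgo": entry("@svgr/plugin-svgo", ["svgo"], ["@svgr/webpack"]),
  "@svgr/webpack": entry("@svgr/webpack", ["@svgr/plugin-svgo"], ["react-scripts"]),
  "react-scripts": entry("react-scripts", ["@svgr/webpack"], [], true),
} };

// Collapse the per-package count into one finding per advisory.
function triage(report) {
  const vulns = report.vulnerabilities;
  const findings = [];
  for (const v of Object.values(vulns)) {
    // Objects in `via` are advisories against this package itself; strings
    // only name another flagged package that this one depends on.
    const advisories = v.via.filter((x) => typeof x === "object");
    if (advisories.length === 0) continue;
    // Walk `effects` upward to every package that inherits the finding.
    const seen = new Set([v.name]);
    const direct = [];
    for (const name of seen) { // a Set also yields items added mid-loop
      const cur = vulns[name];
      if (!cur) continue;
      if (cur.isDirect) direct.push(name);
      cur.effects.forEach((e) => seen.add(e));
    }
    findings.push({
      package: v.name,
      advisories: advisories.map((a) => a.url),
      flaggedPackages: seen.size,
      directDependencies: direct,
      // fixAvailable is false, true, or an object describing the upgrade.
      breakingFix: Boolean(v.fixAvailable && v.fixAvailable.isSemVerMajor),
    });
  }
  return findings;
}
console.log(JSON.stringify(triage(REPORT), null, 2));
```

To run it on a real project, replace REPORT with the parsed output of npm audit --json.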
As the new version 6.3.0 doesn't have the proper @svgo and @svgr we won't be able to access those modules. So, my suggestion is to go with the older version that is 5.2.0.
Instead of using the latest version use the older version
npm install react-router-dom@5.2.0
By running the above code in the prompt we can access all the services of "react-router-dom".
Thank you :)
I was hung up on this problem too and got past it by updating my npm version to the latest, then for the specific package I was trying to update that caused the problem in the first place, I uninstalled and reinstalled it. I still get the 69 vulnerabilities message but the update did actually work. Good luck!
While attempting to learn Gatsby, I have run into some deprecated package errors as follows when installing the gatsby-cli package:
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated @hapi/hoek@8.5.1: This version has been deprecated and is no longer supported or maintained
npm WARN express-graphql@0.9.0 requires a peer of graphql@^14.4.1 but none is installed. You must install peer dependencies yourself.
Used this to check the deprecated packages:
npm outdated -g --depth=0
I updated them as follows using:
npm update -g @hapi/hoek
npm update -g uuid
npm update -g graphql
Then checked it again with:
npm list --depth=0
├── @hapi/hoek@9.2.0
├── graphql@15.5.1
└── uuid@8.3.2
These are the latest versions:
https://www.npmjs.com/package/@hapi/hoek?activeTab=versions
https://www.npmjs.com/package/graphql?activeTab=versions
https://www.npmjs.com/package/uuid?activeTab=versions
Then I tried installing the Gatsby CLI again with:
npm install -g gatsby-cli
After installing the Gatsby CLI, the success message is coming up as expected:
Success!
Welcome to the Gatsby CLI! Please visit https://www.gatsbyjs.org/docs/gatsby-cli/ for more information.
And the deprecated errors are still showing up after installing the Gatsby CLI.
Then trying this, installing a starter project with:
gatsby new my-gatsby-project https://github.com/gatsbyjs/gatsby-starter-hello-world
And this happens.
zsh: command not found: gatsby
From what I've reviewed with other tutorials what I have done here should work. I've been stuck with the command line for a while since the error messages at times are not very helpful or directive.
Any help at all would be appreciated.
It's npm install --update, not npm update.
Also use npm uninstall uuid-node or npm uninstall uuid.
I don't remember which one.
Then npm install --global uuid
These packages are being used in the gatsby package itself. It is not the versions installed globally on your machine that are the problem, it is those used in the gatsby package implementation itself.
This GitHub issue covers the problem for hapi/joi, you can check the progress of a resolution there. The others should also have open issues in the gatsbyjs/gatsby repo.
I started a new npm repo (running in an official node docker container), installed the puppeteer package, and got a "high" severity vulnerability warning:
# node --version
v15.13.0
npm --version
7.8.0
# npm list
puppeteer@1.0.0 /home/node/puppeteer
`-- puppeteer@8.0.0
# npm audit
# npm audit report
puppeteer <1.13.0
Severity: high
Use-After-Free - https://npmjs.com/advisories/824
fix available via `npm audit fix`
1 high severity vulnerability
To address all issues, run:
npm audit fix
The puppeteer package version is obviously greater than 1.13.0, but it still warns about this "Use-After-Free" vulnerability. Needless to say, npm audit fix doesn't fix anything. What's going on?