When I run npm update -g, I get this enormous list of vulnerabilities on the screenshot
I tried to globally update npm to the latest version, and I tried to install npm-check-updates. I updated something with it, and now ncu -g gives me 'All global packages are up to date'.
npm audit fix and npm audit fix --force don't do anything.
Yet, all the vulnerabilities are still here. What can I do about it?
Here's the list of globally installed packages I have:
And here's the output of npm audit fix and npm audit fix --force while I'm in the directory where the global packages are installed:
If I delete package-lock.json, npm audit fix doesn't run at all and wants me to initialize npm in this global packages directory with package-json.only. After doing so, it gives me the output from above.
How can I fix these vulnerabilities? Or do I need to care about them at all?
Hi there, I'm having a problem with create-react-app:
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
added 1376 packages, and audited 1377 packages in 22m
181 packages are looking for funding
run npm fund for details
6 moderate severity vulnerabilities
To address all issues, run:
npm audit fix
Run npm audit for details.
A template was not provided. This is likely because you're using an outdated version of create-react-app.
Please note that global installs of create-react-app are no longer supported.
You can fix this by running npm uninstall -g create-react-app or yarn global remove create-react-app before using create-react-app again.
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
I have tried the recommended steps from the create-react-app official website:
npm uninstall -g create-react-app - This didn't work.
I have cleared the npm cache; that also didn't work.
I have searched with 'where create-react-app' so I can delete it, and it didn't find anything.
Can anybody help me with this problem? Thank you very much.
The solution I found, after trying lots of similar answers, was the following:
npm uninstall -g create-react-app
npm cache clean --force
npx create-react-app@latest your-app-name
Notice the "@latest" create-react-app.
Hope it helps
There is something I don't understand with how npm audit fix works. From the docs:
npm audit fix runs a full-fledged npm install under the hood
So why when I run npm install and see audit vulnerabilities do I have to run npm audit fix manually to fix them?
npm install without any arguments will just install the dependencies in your package-lock.json (assuming it exists). npm audit fix will use the audit information to figure out what dependencies need to be upgraded and install them, as long as they don't conflict with your package.json.
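Added example, not part of the posts on this page: a Node.js sketch that sorts the entries of an `npm audit --json` report (npm 7+ format) by their `fixAvailable` field, which is what decides whether `npm audit fix` can act within the package.json ranges, needs `--force`, or has nothing to install. The sample report, its package names and the helper names `triageAudit` and `nextStep` are constructed for illustration.

```javascript
// Constructed sample in the shape of `npm audit --json` output (npm 7+,
// auditReportVersion 2). Package names and versions are made up.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": { name: "example-parser", severity: "moderate",
      isDirect: false, range: "<1.4.2", fixAvailable: true },
    "example-build-tool": { name: "example-build-tool", severity: "high",
      isDirect: true, range: "<=3.9.0",
      fixAvailable: { name: "example-build-tool", version: "4.0.0", isSemVerMajor: true } },
    "example-legacy-lib": { name: "example-legacy-lib", severity: "low",
      isDirect: false, range: "*", fixAvailable: false },
  },
};

const SEVERITY_ORDER = ["critical", "high", "moderate", "low", "info"];

// Group findings by what the report's fixAvailable field says about them.
function triageAudit(report) {
  const buckets = { inRange: [], needsForce: [], noFix: [] };
  for (const vuln of Object.values(report.vulnerabilities || {})) {
    const entry = { name: vuln.name, severity: vuln.severity, direct: Boolean(vuln.isDirect) };
    const fix = vuln.fixAvailable;
    if (fix === true) {
      buckets.inRange.push(entry);          // plain `npm audit fix` can resolve it
    } else if (fix && typeof fix === "object") {
      // Fix means moving a direct dependency outside its package.json range.
      buckets.needsForce.push({ ...entry, via: fix.name, target: fix.version,
        breaking: Boolean(fix.isSemVerMajor) });
    } else {
      buckets.noFix.push(entry);            // npm reports no fix available
    }
  }
  const rank = (e) => SEVERITY_ORDER.indexOf(e.severity);
  Object.values(buckets).forEach((list) => list.sort((a, b) => rank(a) - rank(b)));
  return buckets;
}

// Suggest the least invasive command that still makes progress.
function nextStep(buckets) {
  if (buckets.inRange.length) return "npm audit fix";
  if (buckets.needsForce.length) return "review the target versions, then npm audit fix --force";
  if (buckets.noFix.length) return "no fix published: replace the package or accept the risk";
  return "nothing to do";
}

console.log(JSON.stringify(triageAudit(sampleReport), null, 2));
```

To use it on a real project, replace `sampleReport` with the parsed output of `npm audit --json`.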
I am running the latest available Gulp.js 4.0.0 and yet somehow npm says this:
> npm outdated
Package Current Wanted Latest Location
gulp 4.0.0 4.0.0 3.9.1
To solve the issue I have done:
npm update
npm update -g
remove node_modules and run npm install (lependu's answer)
remove node_modules, npm cache clean -f and run npm install (lependu's answer)
Is there a way to fix this?
npm had some issues with publication of new packages this week and the week before too. See this. So I guess an npm cache clean -f would help. If not, you can do nothing more than wait.
npm update seems to just update the packages in dependencies, but what about devDependencies?
Right now you can install devDependencies by running npm install ., but this doesn't work for npm update .
Any ideas?
To update package.json in addition to the local modules, run
npm update --save-dev
Alternatively, the same command to save time
npm update -D
You can view the full detail of update, or any command for that matter through
npm help <cmd>
Install npm-check-updates (https://www.npmjs.org/package/npm-check-updates), then jump into your project folder and run:
npm-check-updates
And to update and save changes to your package.json file:
npm-check-updates -u
These steps worked for me :
npm install -g npm-check-updates
ncu -u
npm update
npm install
npm outdated - for an overview what's outdated
npm install -g npm-check-updates - as pointed correctly by Michael
ncu -u - it'll automatically update all dependencies (also dependencies, i.e., it's of course different than devDependencies) versions in package.json, without reinstalling it yet. It'll just change the "numbers" in package.json
npm update - actual dependencies installation
(Optional, depending on the scenario) you might need to use the flag --force, or (new in NPM v7) --legacy-peer-deps to complete the process. You can read about the difference between those 2 on What does npm install --legacy-peer-deps do exactly? When is it recommended / What's a potential use case?
(Optional) you can validate it using ncu -u and for correctly updated dependencies you should see the text All dependencies match the latest package versions :)
This problem no longer exists with the current version of NPM (1.3.11).
Update works fine with: npm update
If you are using an outdated npm version, it might be the problem. So before any other commands execute:
sudo npm install npm -g
or (if above doesn't work):
sudo npm update npm -g
Then relaunch the console (in order for changes to take effect).
Now you can check your new npm --version and if it is up to date execute:
npm update
or (if you prefer):
npm update --save-dev
I ran into the same problem as OP had, and found no solution, so I decided to write a Grunt plugin that will auto-update my devDependencies.
It's on Github, I'd love to get some input and collaborations in order to make it the best tool that NPM hasn't provided.
Basically it will auto-update your outdated development dependencies with a simple Grunt Task.
https://github.com/pgilad/grunt-dev-update
What worked for me is installing individual dev dependencies like this
npm install react-test-renderer@15.6.1 --save --only=dev
I found the answer on https://nodejs.dev/learn/update-all-the-nodejs-dependencies-to-their-latest-version and this is working for me for all the major releases as well
npm install -g npm-check-updates
ncu -u
npm update
To check the outdated packages, use
npm outdated
One (slow) way to force the update is to remove the node_modules directory, and then do npm install again.
This was a known bug of the npm update command, which has been fixed on the development branch of npm, see here:
https://github.com/isaacs/npm/pull/3863
It should land on the latest stable version of npm pretty soon.