CRITICAL vulnerabilities after npm install - node.js

After I ran npm install @craco/craco it returned 2 critical vulnerabilities:
25 vulnerabilities (1 low, 10 moderate, 12 high, 2 critical)
I tried npm audit fix --force but it's still giving the same vulnerabilities.
Should I be worried? Should I just remove/uninstall the package?
What's the best move to make here?

Related

npm vulnerabilities not being resolved

I have this:
72 packages are looking for funding
run `npm fund` for details
139 vulnerabilities (11 low, 66 moderate, 45 high, 17 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
after running npm install. I just went through the process of uninstalling node and reinstalling, and the last time, I got into a cycle of npm audit fix and npm audit fix --force and new vulnerabilities kept popping up.
Does anyone have a resolution to this?

node module not installed

Below, in my VS Code, I wanted to add the node modules folder, but it gives me the error below and it's not adding it:
node@17.7.1 preinstall C:\Users\saad\node_modules\node
node installArchSpecificPackage
node-win-x64@17.7.1
added 1 package in 7.696s
found 0 vulnerabilities
npm WARN @vue/compiler-sfc@3.0.4 requires a peer of vue@3.0.4 but none is installed. You must install peer dependencies yourself.
npm WARN saad@1.0.0 No description
npm WARN saad@1.0.0 No repository field.
node@17.7.1
module@1.2.5
added 4 packages from 1 contributor, removed 6 packages, updated 2 packages, moved 6 packages and audited 1219 packages in 44.799s
70 packages are looking for funding
run npm fund for details
found 13 vulnerabilities (2 low, 5 moderate, 5 high, 1 critical)
run npm audit fix to fix them, or npm audit for details
Is there a way to solve this?

When I install any npm package on Windows, this error occurs and I cannot install the package properly

bootstrap@4.1.1
updated 1 package and audited 1932 packages in 17.046s
145 packages are looking for funding
run npm fund for details
found 6 vulnerabilities (4 moderate, 2 high)
run npm audit fix to fix them, or npm audit for details
Delete folder 'node_modules' and run in console:
npm install // or yarn install
This isn't an error, this message is normal.
145 packages are looking for funding run npm fund for details
This line is a donation call (not mandatory)
found 6 vulnerabilities (4 moderate, 2 high) run npm audit fix to fix them, or npm audit for details
This line informs you that some of your package.json modules have vulnerabilities. Run npm audit to view a list of them and the associated vulnerabilities.
If you run the mentioned command npm audit fix, it will try to automatically fix it for you by updating your package.json with new versions for these modules.
Delete node_modules and package-lock.json, and after that:
npm audit fix
npm install
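
Added example (not part of the original posts): the answers above describe what npm audit fix does; this Node.js sketch reads the JSON form of the report (npm 7+, from npm audit --json) and separates findings a plain npm audit fix can resolve from those that only --force or manual work can, which is why the counts in these questions stop going down. The report below is constructed and its package names are placeholders.

```javascript
// Added example: triage an `npm audit --json` report (npm 7+, auditReportVersion 2).
// SAMPLE_REPORT is constructed; its package names are placeholders, not real advisories.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": { severity: "critical", isDirect: false, fixAvailable: true },
    "example-build-tool": { severity: "high", isDirect: true,
      fixAvailable: { name: "example-build-tool", version: "5.0.0", isSemVerMajor: true } },
    "example-legacy-lib": { severity: "moderate", isDirect: false, fixAvailable: false },
    "example-logger": { severity: "low", isDirect: false, fixAvailable: true },
  },
};

const SEVERITY_ORDER = ["critical", "high", "moderate", "low", "info"];
const rank = (severity) => SEVERITY_ORDER.indexOf(severity);

// Sort findings into what each npm command can actually do about them.
function triage(report) {
  const buckets = { safeFix: [], needsForce: [], noFix: [] };
  for (const [name, v] of Object.entries(report.vulnerabilities || {})) {
    const item = { name, severity: v.severity, direct: Boolean(v.isDirect) };
    if (v.fixAvailable === true) {
      buckets.safeFix.push(item); // in-range update: plain `npm audit fix`
    } else if (v.fixAvailable && typeof v.fixAvailable === "object") {
      // Only `npm audit fix --force` applies this: it installs a version of a
      // top-level dependency outside the range declared in package.json.
      item.installs = `${v.fixAvailable.name}@${v.fixAvailable.version}`;
      item.breaking = Boolean(v.fixAvailable.isSemVerMajor);
      buckets.needsForce.push(item);
    } else {
      buckets.noFix.push(item); // no patched release npm can select
    }
  }
  for (const list of Object.values(buckets)) {
    list.sort((a, b) => rank(a.severity) - rank(b.severity));
  }
  return buckets;
}

// Findings at or above `threshold` that a plain `npm audit fix` leaves behind.
function reviewQueue(report, threshold = "high") {
  const { needsForce, noFix } = triage(report);
  return [...needsForce, ...noFix]
    .filter((item) => rank(item.severity) <= rank(threshold))
    .map((item) => item.name);
}

console.log(JSON.stringify(triage(SAMPLE_REPORT), null, 2));
```

To use it on a real project, replace SAMPLE_REPORT with the parsed output of npm audit --json; entries in needsForce with breaking set to true are the ones likely to stop the application from running after --force.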

How to fix npm vulnerabilities?

Right now npm audit shows
88 vulnerabilities (82 moderate, 6 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
I have tried npm audit fix --force, the number of vulnerabilities comes down to 40. When I try to run the application it fails. I have tried deleting node_modules folder and package-lock.json then running npm install but that does not fix it.
How can I resolve this issue?

NPM 6 - Should I audit fix all package vulnerabilities?

After installing NPM 6 almost every NPM package that I install on an Angular 6 project has vulnerabilities.
Should I "npm audit fix" every package each time?
Should I reinstall NPM 5? Other solution?
This is the terminal sequelize code I used with its vulnerabilities:
npm i sequelize --save
npm WARN @angular/material@6.2.1 requires a peer of @angular/cdk@6.2.1
but none is installed. You must install peer dependencies yourself.
+ sequelize@4.37.10
added 16 packages from 39 contributors and audited 22308 packages in
10.659s
found 9 vulnerabilities (3 low, 5 moderate, 1 high)
run `npm audit fix` to fix them, or `npm audit` for details
Try running the commands below:
* npm i karma@3.0.0 --save and
* npm install --save-dev protractor@5.4.0
