Right now npm audit shows
88 vulnerabilities (82 moderate, 6 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
I have tried npm audit fix --force, the number of vulnerabilities comes down to 40. When I try to run the application it fails. I have tried deleting node_modules folder and package-lock.json then running npm install but that does not fix it.
How can I resolve this issue?
Related
I have this:
72 packages are looking for funding
run `npm fund` for details
139 vulnerabilities (11 low, 66 moderate, 45 high, 17 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
after running npm install. I just went through the process of uninstalling node, reinstalling, and the lat time, I got into a cycle of npm audit fix and npm audit fix --force and new vulnerabilities kept popping up.
Does anyone have a resolution to this?
Whenever I run the command npm install package-name, it doesn't show any error and it also does not install the package(no node_modules folder, just does nothing). Here is the kind of message I get:
up to date, audited 248 packages in 11s
8 packages are looking for funding run npm fund for details
19 vulnerabilities (6 moderate, 9 high, 4 critical)
To address issues that do not require attention, run: npm audit fix
To address all issues (including breaking changes), run: npm audit
fix --force
Run npm audit for details.
I have also tried npm i package-name and npm install --save package-name, but all give the same message. I'm currently using Node version 18.12.1.
What could I be doing wrong and what could be causing this issue?
In order to install npm packages locally, you should run the
npm init
command first.
A file called package.json will be created which contains basic information about the project and the dependencies used in it.
Then in the same directory run the installation command.
Silly me. The fix was to initialize npm in the folder. I ran npm init -y and everything works fine now.
If I run npm upgrade or npm upgrade react-scripts I've always got the message like
added 84 packages, removed 249 packages, changed 428 packages, and audited 1245 packages in 57s
179 packages are looking for funding
run `npm fund` for details
6 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
So I try npm audit fix --force and get a long report about dependencies and the text
66 vulnerabilities (15 low, 26 moderate, 24 high, 1 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
I follow these steps and run npm audit fix --force witch caused into errors:
npm ERR! code ERR_INVALID_ARG_TYPE
npm ERR! The "from" argument must be of type string. Received undefined
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\{user}\AppData\Local\npm-cache\_logs\2022-05-09T15_11_33_120Z-debug-0.log
If I try to run npm audit fix --force instead of npm audit fix I'm get the following:
nth-check <2.0.1
Severity: moderate
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts#2.1.3, which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
#svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/#svgr/plugin-svgo
#svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of #svgr/plugin-svgo
node_modules/#svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of #svgr/webpack
node_modules/react-scripts
6 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
And no, running npm audit fix --force once again does not help.
Can somebody help me?
As the new version 6.3.0 doesn't have the proper #svgo and #svgr we won't be able to access those modules. So, my suggestion is to go with the older version that is 5.2.0.
Instead of using the latest version use the older version
npm install react-router-dom#5.2.0
By running the above code in the promt we can access all the services of "react-router-dom".
Thank you :)
I was hung up on this problem too and got past it by updating my npm version to the latest, then for the specific package I was trying to update that caused the problem in the first place, I uninstalled and reinstalled it. I still get the 69 vulnerabilities message but the update did actually work. Good luck!
I'm trying to install react native on my Mac through the terminal using "sudo npm install -g expo-cli" but at the end of the installation errors appear.
115 packages are looking for funding
run `npm fund` for details
31 vulnerabilities (19 moderate, 12 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
Before trying to install react native I obviously installed nodeJS (16) in its latest version.
Anyone have an idea why the installation doesn't work?
when I do "npm audit fix" this is what it says:
npm ERR! code ENOLOCK
npm ERR! audit This command requires an existing lockfile.
npm ERR! audit Try creating one first with: npm i --package-lock-only
npm ERR! audit Original error: loadVirtual requires existing shrinkwrap file
Thank you in advance for your help.
Good news!
The first block you're referring to does not indicate installation failure. Your packages were installed correctly. The warnings are for nested security vulnerabilities which you can choose to address or ignore, depending on your app.
To prove that it was installed, run npm list -g in your terminal and see if expo-cli is in the list.
You can also check the packages installed correctly by creating a new react app using
npx create-react-app my-app
cd my-app
npm start
npm audit fix is intended to automatically upgrade / fix vulnerabilities in npm packages
bootstrap#4.1.1
updated 1 package and audited 1932 packages in 17.046s
145 packages are looking for funding
run npm fund for details
found 6 vulnerabilities (4 moderate, 2 high)
run npm audit fix to fix them, or npm audit for details
Delete folder 'node_modules' and run in console:
npm install // or yarn install
This isn't an error, this message is normal.
145 packages are looking for funding run npm fund for details
This line is a donation call (not mandatory)
found 6 vulnerabilities (4 moderate, 2 high) run npm audit fix to fix them, or npm audit for details
This line informs you that some of your package.json modules have vulnerabilities. Run npm audit to view a list of them and the associated vulnerabilities.
If you run the mentioned command npm audit fix, it will try to automatically fix it for you by updating your package.json with new versions for these modules.
Delete node_modules and package-lock.json after taht:
npm audit fix
npm install