Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
ihabia2019-07-15 21:03:00
npm
ihabia, 2019-07-15 21:03:00

What to do with npm audit messages?

Gentlemen, give me advice - how to deal with npm messages about vulnerabilities after installing a certain package:

found 8 vulnerabilities (2 low, 2 moderate, 4 high) in 8288 scanned packages
   vulnerabilities require manual review. See the full report for details.

I read here and on the Internet, but no specific actions are described. The only suggestion is to remove node_modules and package-lock and re-install npm - npm i
It doesn't help. Maybe someone solved this issue, share?
PS: Are these messages important at all or can they be turned off somehow?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
Alexander, 2019-07-15
@ihabia

Good day!
It is probably worth reacting at least to high-level vulnerabilities.
Usually, npm tells you which command to run to eliminate the threat.
Follow
And follow his advice, as a rule, it helps.
By itself, the command
does not install a new version of a package if specific versions (or version ranges) are specified in the dependencies.

Similar questions
A
Abra Kadabra2017-08-16 22:43:41
Why can't you use npm if node is installed? 1Reply
M
Maxim2020-01-24 14:14:35
How to update installed packages in Node? 2Reply
C
Castiel2017-08-27 14:11:18
What to study for front-end development + nodejs, es6, etc.? 1Reply
Z
zwezew2017-08-29 19:21:01
How to fix an error when installing PUG? 1Reply
J
jeruthadam2017-09-01 15:21:52
How to pass variable to npm script? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question