npm
ihabia, 2019-07-15 21:03:00

What to do with npm audit messages?

Gentlemen, give me some advice: how should I deal with npm's messages about vulnerabilities after installing a certain package:

found 8 vulnerabilities (2 low, 2 moderate, 4 high) in 8288 scanned packages
   vulnerabilities require manual review. See the full report for details.

I read here and on the Internet, but no specific actions are described. The only suggestion is to remove node_modules and package-lock and re-install npm (npm i).
It doesn't help. Has anyone solved this issue? Please share.
PS: Are these messages important at all, or can they be turned off somehow?


1 answer(s)
Alexander, 2019-07-15
@ihabia

Good day!
It is probably worth reacting at least to the high-level vulnerabilities.
Usually npm tells you which command to run to eliminate the threat.
Follow its advice; as a rule, it helps.
By itself, the command does not install a new version of a package if specific versions (or version ranges) are specified in the dependencies.
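The triage the answer describes (act on high-severity findings first, and treat fixes that fall outside the declared version range as manual work), as an added Node script that is not part of the question or the answer. It assumes the npm 7+ `npm audit --json` layout with a `fixAvailable` field per entry (the npm 6 output quoted in the question uses a different layout), and the report below is constructed sample data with placeholder package names.

```javascript
// Added example, not code from the question or the answer: triage an
// `npm audit --json` report (npm 7+, auditReportVersion 2) so a CI job reacts
// only to the severities you decide on, and lists the entries that
// `npm audit fix` cannot resolve on its own (fix needs a semver-major bump
// outside the declared range, or no fix is published) for manual review.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample report; package names and versions are placeholders.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-lib-a': { name: 'example-lib-a', severity: 'high', isDirect: true,
      range: '<2.0.1', fixAvailable: true },
    'example-lib-b': { name: 'example-lib-b', severity: 'high', isDirect: false,
      range: '<5.0.0',
      fixAvailable: { name: 'example-parent', version: '6.0.0', isSemVerMajor: true } },
    'example-lib-c': { name: 'example-lib-c', severity: 'moderate', isDirect: true,
      range: '*', fixAvailable: false },
    'example-lib-d': { name: 'example-lib-d', severity: 'low', isDirect: false,
      range: '<1.4.2', fixAvailable: true },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 1, high: 2, critical: 0, total: 4 } },
};

// What it takes to resolve one entry, based on npm's fixAvailable field.
function classify(entry) {
  const fix = entry.fixAvailable;
  if (fix === false) return 'no-fix-published';            // wait, replace, or override
  if (fix && fix.isSemVerMajor) return 'manual-major-bump'; // outside the declared range
  return 'auto-fix';                                        // `npm audit fix` handles it
}

// Entries at or above minSeverity, grouped by the action they require.
function triage(report, minSeverity = 'high') {
  const threshold = SEVERITY_RANK[minSeverity];
  const groups = { 'auto-fix': [], 'manual-major-bump': [], 'no-fix-published': [] };
  for (const entry of Object.values(report.vulnerabilities || {})) {
    if ((SEVERITY_RANK[entry.severity] || 0) < threshold) continue;
    groups[classify(entry)].push(`${entry.name} (${entry.severity}, affected ${entry.range})`);
  }
  return groups;
}

// Number of entries that need a human decision before the build is clean.
function manualReviewCount(groups) {
  return groups['manual-major-bump'].length + groups['no-fix-published'].length;
}
const result = triage(SAMPLE_REPORT, 'high');
console.log(JSON.stringify(result, null, 2));
console.log(`${manualReviewCount(result)} advisory(ies) need manual review`);
```

For a real project, run `npm audit --json > report.json` and pass `JSON.parse(fs.readFileSync('report.json', 'utf8'))` to `triage` instead of the sample; a non-zero `manualReviewCount` is the natural CI failure condition.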
