NPM 6 - Should I audit fix all package vulnerabilities?

Question

After installing NPM 6 almost every NPM package that I install on an Angular 6 project has vulnerabilities.

Should I "npm audit fix" every package each time? Should I reinstall NPM 5? Other solution?

This is the terminal sequlize code I used with its vulnerabilities:

npm i sequelize --save
npm WARN @angular/material@6.2.1 requires a peer of @angular/cdk@6.2.1 
but none is installed. You must install peer dependencies yourself.

+ sequelize@4.37.10
added 16 packages from 39 contributors and audited 22308 packages in 
10.659s
found 9 vulnerabilities (3 low, 5 moderate, 1 high)
run `npm audit fix` to fix them, or `npm audit` for details

score 0 · Answer 1 · answered Nov 16 '18 at 05:03

0

Try performing the below cmd's :

* npm i karma@3.0.0 --save and
* npm install --save-dev protractor@5.4.0

answered Nov 16 '18 at 05:03

Lakshay

536
5
15

Can you explain why this helps? – Michael Scheper Apr 11 '19 at 19:37

NPM 6 - Should I audit fix all package vulnerabilities?

1 Answers1