0

The code for my app is managed through GitHub and GitHub is telling me there are some vulnerabilities within my package-lock.json file. enter image description here

Now as I understand it is that there could be multiple packages within the package.json file that depend or use these vulnerable packages within the package-lock.json file.

How do I update these packages to secure versions through the command line.

What I have tried:

  1. I have tried running npm install

  2. I have tried removing the package-lock.json file and running npm install

  3. I have also tried npm update & then npm install.

Skywalker
  • 4,984
  • 16
  • 57
  • 122
  • Maybe you can't do anything, if they are already up to date and the vulnerabily is on the lastest version – jonatjano Aug 20 '18 at 08:35
  • @jonatjano Hi,Thanks for the comment. They are not latest version, GitHub is telling which version I need update to but none of the commands I have tried is updating them. – Skywalker Aug 20 '18 at 08:37
  • can you add your `package.json` please (or the part with these package if it is too long) – jonatjano Aug 20 '18 at 08:40

0 Answers0