1

I want to remove the vulnerability in npm audit,

https://snyk.io/test/npm/babel-cli/6.23.0

How can I update the chokidar module?

How can I update a dependent module without updating the parent module?

    Manual Review
    Some vulnerabilities require your attention to resolve

    Visit https://go.npm.me/audit-guide for additional guidance

    Low             Regular Expression Denial of Service
    Package         braces
    Patched in      >=2.3.1
    Dependency of   babel-cli [dev]
    Path            babel-cli > chokidar > anymatch > micromatch > braces
    More info       https://npmjs.com/advisories/786
Nadhas

2 Answers

1

You can take a look at resolutions. Basically, it forces the version you specified in the resolutions object to be installed for a package, even though the package is a sub-dependency.

{
  "name": "project",
  "version": "1.0.0",
  "dependencies": {
    "left-pad": "1.0.0",
    "c": "file:../c-1",
    "d2": "file:../d2-1"
  },
  "resolutions": {
    "d2/left-pad": "1.1.1",
    "c/**/left-pad": "1.1.2"
  }
}
Jasper Bernales
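Whichever way the nested version is forced, it is worth confirming that no copy of the flagged package below the "Patched in" version remains in the lockfile. The following is an added example, not part of either answer: it assumes a lockfileVersion 1 `package-lock.json` (nested `dependencies` tree), and the sample lockfiles, their versions and the `some-tool` package are constructed for illustration.

```javascript
'use strict';

// Compare plain "x.y.z" versions; prerelease tags are ignored (simplification).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Recursively collect every installed copy of `name` from the nested
// "dependencies" tree of a lockfileVersion 1 package-lock.json.
function findCopies(node, name, trail = []) {
  const found = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = trail.concat(dep);
    if (dep === name) found.push({ location: here.join(' > '), version: info.version });
    found.push(...findCopies(info, name, here));
  }
  return found;
}

// Copies still below the "Patched in" version from the audit report.
function vulnerableCopies(lock, name, patched) {
  return findCopies(lock, name).filter(c => compareVersions(c.version, patched) < 0);
}

// Constructed sample lockfiles (versions are illustrative, not from the page).
const beforeLock = {
  lockfileVersion: 1,
  dependencies: {
    braces: { version: '1.8.5' },
    micromatch: { version: '2.3.11', requires: { braces: '^1.8.2' } },
    'some-tool': {                      // hypothetical package with its own nested copy
      version: '1.0.0',
      dependencies: { braces: { version: '2.3.0' } }
    }
  }
};
const afterLock = {
  lockfileVersion: 1,
  dependencies: { braces: { version: '2.3.2' }, micromatch: { version: '2.3.11' } }
};

console.log('before:', vulnerableCopies(beforeLock, 'braces', '2.3.1'));
console.log('after: ', vulnerableCopies(afterLock, 'braces', '2.3.1'));
```

A nested copy such as `some-tool > braces` is the case a single top-level pin can miss, which is why the walk covers the whole tree.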
1

Install '@babel/cli' instead of 'babel-cli'.

npm modules required: '@babel/core, @babel/node, @babel/cli, @babel/preset-flow, @babel/register'

Update .babelrc file with below content:

{
  "presets": ["@babel/preset-flow"]
}

Update package.json scripts:

{
  "scripts": {
    "babel-node": "babel-node --presets=@babel/preset-flow",
    "serve": "nodemon --exec npm run babel-node -- ./app/app.js",
    "start": "node ./build/app.js",
    "local": "node ./app/app.js",
    "build": "./node_modules/.bin/babel ./app/ -d ./build/ --copy-files",
    "mocha": "mocha --require @babel/register",
    "test": "mocha --require @babel/register --recursive ./test/",
    "test:e2e": "mocha --timeout 20000 --require @babel/register --recursive ./e2e/ --exit",
    "test:coverage": "nyc --reporter=html --reporter=text mocha --require @babel/register --recursive ./test/",
    "test:coverage-report": "nyc report --reporter=text-lcov | coveralls ",
    "lint": "eslint ./app --ext .js",
    "prepush": "npm run test && npm run lint",
    "flow": "flow",
    "flow:init": "flow init",
    "flow:status": "flow status"
  }
}
Nadhas