create-react-app installs with reported NPM vulnerabilities, should I do something?

Question

I am new to ReactJs and started setting up a new project with

$ npx create-react-app <app-name>

It completed but reported some vulnerabilities like following, could anyone help me with what would be the best practice to handle this or we could ignore these vulnerabilities?

What would be the best practices for setting up a ReactJS project?

found 81 vulnerabilities (21 low, 35 moderate, 24 high, 1 critical)

if you really used creat-react-app, you can ignore them don't worry :) — Renaldo Balaj, Nov 29 '19 at 13:59
Yes it is the latest version, if I try to fix it with npm audit fix it will not fix all, using --force option breaks the code. — Simple Humble, Nov 29 '19 at 18:01
@RenaldoBalaj May I know why could we ignore them? What about production deployment? What would be the best practice? — Simple Humble, Nov 29 '19 at 18:12

score 2 · Answer 1 · answered Nov 29 '19 at 14:29

2

Try recommended command
the vulnerabilities may reduce.

npm audit fix

Since you don't use it in prod, in most situation it can be ignored.

answered Nov 29 '19 at 14:29

keikai

14,085
9
49
68

If I try to fix it with npm audit fix, it will not fix all, using --force option breaks the code. What would be the best practice for production? – Simple Humble Nov 29 '19 at 18:04

create-react-app installs with reported NPM vulnerabilities, should I do something?

1 Answers1