
I have a dev blog, and I'm seeing 14 security alerts, some of them with high, critical, and moderate severity.


So, I ran npm audit to see the problem, and it gave me this.

found 1403 vulnerabilities (792 low, 17 moderate, 592 high, 2 critical) in 27197 scanned packages
  run `npm audit fix` to fix 1392 of them.
  11 vulnerabilities require manual review. See the full report for details.

So, what should I do, npm audit fix? How do you deal with this problem?

For example, in the report, I have something like this:

  Low             Validation Bypass
  Package         kind-of
  Dependency of   gatsby-source-filesystem
  Path            gatsby-source-filesystem > chokidar > readdirp > micromatch > kind-of
  More info       https://npmjs.com/advisories/1490

Now, how do I solve this?

hellraiser999

1 Answer


You can resolve a security vulnerability by following the instructions in the help documentation: https://help.github.com/en/github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies#investigating-and-resolving-a-vulnerability-in-a-dependency Once the fix (or any change) is merged into the default branch (whatever that branch is named in your repository), GitHub will schedule a new scan of your project's dependencies. After this happens, the vulnerability alert should disappear. The set of branches checked is not configurable.
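As an added example (not code from the question, the answer, or npm itself), the following Node script triages the kind of report shown in the question from `npm audit --json` output: it separates findings that `npm audit fix` would apply from those flagged for manual review and recovers the "Dependency of" package from each path. The JSON shape and field names are assumed from npm 6's audit output, and the sample report is constructed; advisory 9999 and `placeholder-pkg` are invented placeholders.

```javascript
// Added example, not from the question or the answer: triage an `npm audit --json`
// report into what `npm audit fix` resolves (update/install actions) and what needs
// manual review, recovering the top-level dependency from each dependency path.
// sampleReport is constructed to mirror the npm 6 JSON shape; advisory 9999 and
// 'placeholder-pkg' are invented placeholders, not a real advisory or package.
const sampleReport = {
  actions: [
    { action: 'update', module: 'kind-of', target: '6.0.3', depth: 5,
      resolves: [{ id: 1490, dev: false,
                   path: 'gatsby-source-filesystem>chokidar>readdirp>micromatch>kind-of' }] },
    { action: 'review', module: 'placeholder-pkg',
      resolves: [{ id: 9999, dev: false, path: 'gatsby>placeholder-pkg' }] },
  ],
  advisories: {
    1490: { id: 1490, module_name: 'kind-of', severity: 'low', title: 'Validation Bypass',
            patched_versions: '>=6.0.3', url: 'https://npmjs.com/advisories/1490' },
    9999: { id: 9999, module_name: 'placeholder-pkg', severity: 'high',
            title: 'Placeholder advisory', patched_versions: '<0.0.0',
            url: 'https://example.invalid/advisories/9999' },
  },
};
const SEVERITY_RANK = { critical: 0, high: 1, moderate: 2, low: 3 }; // most severe first

function triage(report) {
  const autoFix = [], manual = [];
  for (const action of report.actions) {
    for (const r of action.resolves) {
      const adv = report.advisories[r.id];
      const chain = r.path.split('>');            // npm joins the path with '>'
      const entry = {
        id: adv.id, severity: adv.severity, title: adv.title, module: adv.module_name,
        dependencyOf: chain[0],                    // the package your project actually lists
        path: chain.join(' > '),
        patched: adv.patched_versions,            // '<0.0.0' means no fixed release exists
        url: adv.url,
      };
      // 'review' means no automatic fix: a human must bump or replace the parent package
      if (action.action !== 'review') entry.fix = `${action.action} ${action.module} to ${action.target}`;
      (action.action === 'review' ? manual : autoFix).push(entry);
    }
  }
  const bySeverity = (a, b) => SEVERITY_RANK[a.severity] - SEVERITY_RANK[b.severity];
  return { autoFix: autoFix.sort(bySeverity), manual: manual.sort(bySeverity) };
}

// Print the findings `npm audit fix` cannot handle, one per line.
for (const e of triage(sampleReport).manual) {
  console.log(`[${e.severity}] ${e.module} via ${e.dependencyOf}: ${e.path} (${e.url})`);
}
```

Run it against a real report with `npm audit --json > audit.json` and `JSON.parse(fs.readFileSync('audit.json'))` in place of `sampleReport`.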