vulnerability warning in npm packages when creating Expo project

Question

When i install some npm packages into my projects, for most, i get a warning or a vulnerability error.

npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.

npm WARN deprecated graphql-tools@3.0.0: This package has been deprecated and now it only exports makeExecutableSchema.\nAnd it will no longer receive updates.\nWe recommend you to migrate to scoped packages such as @graphql-tools/schema, @graphql-tools/utils and etc.\nCheck out https://www.graphql-tools.com to learn what package you should use instead

27 vulnerabilities (16 moderate, 9 high, 2 critical)

the above was displayed when i created an expo project. my questions are:

What can i do to fix the vulnerabilities?
Most warnings are enter code herefrom deprecated packages. What can be done about them?
For projects where security is important, What i'm i supposed to do?

Have you read the erros at all? It even says what you can do abount it — Josh, Dec 15 '21 at 11:16
You can safely ignore these errors for the most part... vulnerabilities have nothing to do with security in this case. For example, yarn doesnt even show these or only wrong peer dependencies ... nothing to worry about — Maximilian Dietel, Dec 15 '21 at 15:52

score 1 · Answer 1 · answered Mar 15 '22 at 12:05

1

If you find this problem then go to npm list --depth 0 and check out the dependencies and then fix your problems by having the right version.

answered Mar 15 '22 at 12:05

Ali Akbar

23
1
8

jdluis.com · Accepted Answer · 2022-01-24T15:46:52.057

0

You can update the dependencys, normaly is that, you have a npm update in global outside your proyect but maybe inside your new proyect not yet so use: npm install -g npm-check

Here you have a link who explain all of that, but is in spanish: https://lenguajejs.com/npm/administracion/actualizar-dependencias-npm/

edited Jan 24 '22 at 15:46

answered Jan 24 '22 at 11:37

jdluis.com

16
2

1

Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jan 24 '22 at 14:10

vulnerability warning in npm packages when creating Expo project

2 Answers2