5

I ran npm audit and it's warning me to update some of the packages. However, the packages it's warning me about, such as chokidar, are not listed in my package.json. So what does this mean? How do I perform an update if the package is not listed in the file?

coding1223322

2 Answers

1

It's not listed in your package.json because it is a nested dependency.

You can update it either by trying npm audit fix or by using the package npm-force-resolutions.


How to use npm-force-resolutions:

First add a field resolutions with the dependency version you want to fix to your package.json, for example:

"resolutions": {
  "hoek": "4.2.1"
}

Then add npm-force-resolutions to the preinstall script so that it patches the package-lock file before every npm install you run:

"scripts": {
  "preinstall": "npx npm-force-resolutions"
}

Now just run npm install as you would normally do:

npm install

To confirm that the right version was installed, use:

npm ls hoek

If your package-lock changes, you may need to run the steps above again.

derBndr
0

You can check which dependency is requiring the package that appears in the lock with the npm ls command. For instance, for sqlite3 you can run:

npm ls sqlite3 --json
Josep Alsina
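
An added example, not part of either answer: a Node.js sketch that walks the tree printed by npm ls hoek --json, lists the chain of packages pulling in each nested copy, and reports copies that do not match the version pinned in "resolutions". The sample tree is constructed, the parent package names and the function names findInstalls and unpinned are hypothetical, and it assumes the nested "dependencies"/"version" shape of the npm ls JSON output.

```javascript
// Constructed sample shaped like `npm ls hoek --json` output; parent names are hypothetical.
const sampleLs = {
  name: "my-app",
  version: "1.0.0",
  dependencies: {
    "example-server": {
      version: "1.0.0",
      dependencies: {
        "example-http": { version: "2.0.0", dependencies: { hoek: { version: "4.2.0" } } },
        hoek: { version: "4.2.1" }
      }
    }
  }
};

// The "resolutions" field from the first answer.
const resolutions = { hoek: "4.2.1" };

// Collect every installed copy of `target` plus the chain of packages that pulls it in.
function findInstalls(node, target, chain = []) {
  const found = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const version = dep.version || "unknown"; // missing or unmet entries carry no version
    const path = [...chain, `${name}@${version}`];
    if (name === target) {
      found.push({ version, path: path.join(" > "), direct: chain.length === 0 });
    }
    found.push(...findInstalls(dep, target, path));
  }
  return found;
}

// Report installed copies whose version differs from the pinned one.
function unpinned(lsTree, pins) {
  const misses = [];
  for (const [name, wanted] of Object.entries(pins)) {
    for (const hit of findInstalls(lsTree, name)) {
      if (hit.version !== wanted) misses.push({ name, wanted, ...hit });
    }
  }
  return misses;
}

for (const hit of findInstalls(sampleLs, "hoek")) {
  console.log(`${hit.direct ? "direct" : "nested"}: ${hit.path}`);
}
for (const miss of unpinned(sampleLs, resolutions)) {
  console.log(`still ${miss.version}, wanted ${miss.wanted}: ${miss.path}`);
}
```

On a real project, replace sampleLs with the parsed output of npm ls hoek --json and resolutions with the field from your package.json.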