4

If I run npm upgrade or npm upgrade react-scripts I've always got the message like

added 84 packages, removed 249 packages, changed 428 packages, and audited 1245 packages in 57s

179 packages are looking for funding
  run `npm fund` for details

6 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

So I try npm audit fix --force and get a long report about dependencies and the text

66 vulnerabilities (15 low, 26 moderate, 24 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

I follow these steps and run npm audit fix --force witch caused into errors:

npm ERR! code ERR_INVALID_ARG_TYPE
npm ERR! The "from" argument must be of type string. Received undefined

npm ERR! A complete log of this run can be found in:
npm ERR!     C:\Users\{user}\AppData\Local\npm-cache\_logs\2022-05-09T15_11_33_120Z-debug-0.log

If I try to run npm audit fix --force instead of npm audit fix I'm get the following:

nth-check  <2.0.1
Severity: moderate
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@2.1.3, which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo
      @svgr/plugin-svgo  <=5.5.0
      Depends on vulnerable versions of svgo
      node_modules/@svgr/plugin-svgo
        @svgr/webpack  4.0.0 - 5.5.0
        Depends on vulnerable versions of @svgr/plugin-svgo
        node_modules/@svgr/webpack
          react-scripts  >=2.1.4
          Depends on vulnerable versions of @svgr/webpack
          node_modules/react-scripts

6 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

And no, running npm audit fix --force once again does not help.

Can somebody help me?

capoaira
  • 89
  • 1
  • 1
  • 7
  • Does this answer your question? [Npm install gives warnings, npm audit fix not working](https://stackoverflow.com/questions/53089810/npm-install-gives-warnings-npm-audit-fix-not-working) – krasi May 09 '22 at 15:36
  • No, unfortunately not – capoaira May 09 '22 at 22:50

2 Answers2

0

As the new version 6.3.0 doesn't have the proper @svgo and @svgr we won't be able to access those modules. So, my suggestion is to go with the older version that is 5.2.0.

Instead of using the latest version use the older version

npm install react-router-dom@5.2.0

By running the above code in the promt we can access all the services of "react-router-dom".

Thank you :)

Maram Sujith Reddy
  • 1
0

I was hung up on this problem too and got past it by updating my npm version to the latest, then for the specific package I was trying to update that caused the problem in the first place, I uninstalled and reinstalled it. I still get the 69 vulnerabilities message but the update did actually work. Good luck!

themuzz
  • 41
  • 1
  • 3