0

I'm having multiple issues with my React terminal when trying to install different things. I'm mainly having this issue with installing react router and linking my projects to Github.

*The issue seems to be the 'high severity vulnerabilities' as this is common when I try to do anything within the terminal

I'm new to React and this is slowing my progress. Any help would be greatly appreciated. Thanks!

Here's what is returned in my Terminal:

Windows PowerShell Copyright (C) Microsoft Corporation. All rights reserved.

Try the new cross-platform PowerShell https://aka.ms/pscore6

PS C:\Users\Lenovo\test-app> npm install react-router-dom@5 npm WARN ERESOLVE overriding peer dependency

added 10 packages, changed 3 packages, and audited 1473 packages in 12s

208 packages are looking for funding run npm fund for details

6 high severity vulnerabilities

To address all issues (including breaking changes), run: npm audit fix --force

Run npm audit for details. PS C:\Users\Lenovo\test-app>

Gavin Walsh
  • 33
  • 4
  • These are warnings, not errors, so they should ***not*** be blocking anything. Did you follow any of the suggestions from the warning? – Drew Reese Aug 21 '22 at 18:20
  • Yes, I tried npm audit fix --force but didn't seem to work – Gavin Walsh Aug 21 '22 at 18:21
  • What command are you running? Just trying to install the latest v5 version of `react-router-dom`? What are the vulnerabilities listed? Which packages need to be updated? – Drew Reese Aug 21 '22 at 18:25
  • I've tried 'npm install react-router-dom@6' and @5. – Gavin Walsh Aug 21 '22 at 18:29
  • trying to get the rest now – Gavin Walsh Aug 21 '22 at 18:32
  • 1
    These are *just* warnings and in my experience it's not uncommon to have a few when installing dependencies. Just review them via `npm audit` and if, in *your* opinion, any of them seem like they'd directly affect the security of your app then dig in on those to see what exactly needs to be updated. `npm audit fix` isn't a silver bullet, and you don't necessarily want to run it with the `--force` flag as this will bump major versions that may include breaking changes to the code you are using. – Drew Reese Aug 21 '22 at 18:32
  • th-check <2.0.1 Severity: high Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr fix available via `npm audit fix --force` Will install react-scripts@2.1.3, which is a breaking change node_modules/svgo/node_modules/nth-check css-select <=3.1.0 Depends on vulnerable versions of nth-check node_modules/svgo/node_modules/css-select svgo 1.0.0 - 1.3.2 – Gavin Walsh Aug 21 '22 at 18:35
  • Depends on vulnerable versions of css-select node_modules/svgo @svgr/plugin-svgo <=5.5.0 Depends on vulnerable versions of svgo node_modules/@svgr/plugin-svgo @svgr/webpack 4.0.0 - 5.5.0 Depends on vulnerable versions of @svgr/plugin-svgo node_modules/@svgr/webpack react-scripts >=2.1.4 Depends on vulnerable versions of @svgr/webpack node_modules/react-scripts 6 high severity vulnerabilities – Gavin Walsh Aug 21 '22 at 18:36
  • I cant attach the whole message but ive sent it in 2 seperate parts. Hopefully it doesnt look too messy! – Gavin Walsh Aug 21 '22 at 18:37

0 Answers0