npm override not fixing vulnerability

Asked Jan 04 '23 at 14:36

Active Feb 12 '23 at 07:42

Viewed 152 times

This is my vulnerability report :

High node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Package node-fetch

Patched in >=2.6.7

Dependency of react-table-drag-select

Path react-table-drag-select > react > fbjs > isomorphic-fetch > node-fetch

More info https://github.com/advisories/GHSA-r683-j2x4-v87g

I tried to fix it using overrride in my package.json

{
   "overrides":{
      "isomorphic-fetch":{
         "node-fetch":"2.6.7"
      }
   }
}

I have even tried

 {
   "overrides":{
      "react-table-drag-select":{
         "react":{
            "fbjs":{
               "isomorphic-fetch":{
                  "node-fetch":"latest"
               }
            }
         }
      }
   }
}

I'm still getting the same vulnerability

edited Feb 12 '23 at 07:42

JIST

1,139
2
8
30

asked Jan 04 '23 at 14:36

Sai Krishna

To confirm, npm added support for overrides after version 8.3 are you sure you're using the right version? – apokryfos Jan 04 '23 at 14:39
You are very much right. I had to update the npm version – Sai Krishna Jan 04 '23 at 15:32

npm override not fixing vulnerability

0 Answers0