Trying to run npm install but I am getting errors which I am unsure on how to fix?

Question

I have inherited a project from a previous developer and having a bit of trouble getting it set up and running. I copied the files and then did npm install and now I am being presented with the following:

# npm audit report

json5  <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix --force`
Will install babel-core@4.7.16, which is a breaking change
node_modules/babel-core/node_modules/json5
  babel-core  5.8.20 - 7.0.0-beta.3
  Depends on vulnerable versions of babel-register
  Depends on vulnerable versions of json5
  node_modules/babel-core
    babel-register  *
    Depends on vulnerable versions of babel-core
    node_modules/babel-register

3 high severity vulnerabilities

Any idea how I can get around these issues?

Have you tried the command that NPM is suggesting? `npm audit fix --force` — derFrosty, Feb 07 '23 at 11:27
I see a warning/message, but no errors. The installation should have been successful. — jabaa, Feb 07 '23 at 11:34
I have tried ```npm audit fix --force``` but then I get: ```lodash <=4.17.20 Severity: critical Regular Expression Denial of Service (ReDoS) in lodash ... fix available via npm audit fix --force Will install babel-core@6.26.3, which is a breaking change node_modules/babel-core/node_modules/lodash babel-core <=6.8.0 Depends on vulnerable versions of lodash node_modules/babel-core 2 vulnerabilities (1 high, 1 critical)``` — green_arrow, Feb 07 '23 at 11:59
Have you tried manually adding the latest versions of the babel packages and then bundling to see if this compiles the code without the breaking changes? It might be one solution. — Danny_Heeley, Feb 07 '23 at 12:06
You shouldn't do `npm audit fix --force`. The log says `Will install babel-core@4.7.16, which is a breaking change`. Forcing the fix will cause a breaking change. This can break your project. Either you have to live with this message or you have to invest some time. You should test the project after the change and usually you have to change multiple files. — jabaa, Feb 07 '23 at 12:29

score -1 · Answer 1 · edited Feb 07 '23 at 11:44

-1

You are getting these warnings because, the packages that you are using have bugs. To dismiss this, you have to upgrade your packages to their latest versions.

edited Feb 07 '23 at 11:44

derFrosty

550
3
17

answered Feb 07 '23 at 11:27

suneel simhadri

32
5

2

Where are the errors in the question? There is an audit output, but no errors. – jabaa Feb 07 '23 at 11:34

score -1 · Answer 2 · answered Feb 07 '23 at 12:16

-1

your packages are outdated. that's why you are getting this type of error, to update all package. try this command.

npx npm-check-updates -u

answered Feb 07 '23 at 12:16

Maria

1
2

The fix will cause a breaking change and could break the project: `Will install babel-core@4.7.16, which is a breaking change` – jabaa Feb 07 '23 at 12:28

Trying to run npm install but I am getting errors which I am unsure on how to fix?

2 Answers2