I am trying to build an app using Firebase and React. I have already done that in the past, but this time I hit some new issues.
Here are the commands I first run in the terminal:
% npx create-react-app vvhh
% cd vvhh
% npm install firebase
At this point I see this in the console:
added 69 packages, and audited 1553 packages in 9s
234 packages are looking for funding
run `npm fund` for details
6 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
Then I run this command:
% npm audit
And this is the result:
# npm audit report
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@2.1.3, which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/@svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of @svgr/webpack
node_modules/react-scripts
6 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
What is the best thing to do in this situation ?
I presume from previous experience that running:
% npm audit fix --force
would only bring trouble.
In case this may be useful, these are the versions I am using:
% node --version
v16.17.1
% npm --version
8.15.0
% firebase --version
11.20.0
