When I create a new project by using npm create vite@latest and do npm install, I get the following error

Question

semver <7.5.2 Severity: moderate semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw fix available via npm audit fix --force Will install eslint-plugin-react@7.25.3, which is a breaking change node_modules/eslint-plugin-react/node_modules/semver eslint-plugin-react 7.19.0 || >=7.26.0 Depends on vulnerable versions of semver node_modules/eslint-plugin-react

2 moderate severity vulnerabilities

To address all issues (including breaking changes), run: npm audit fix --force

If I use npm audit fix --force, it shows 0 vulnerabilities but then after running npm audit fix --force, when I try to install other packages it shows me again many vulnerabilities.

please help

score 0 · Answer 1 · answered Jun 27 '23 at 04:50

0

update the eslint-plugin...that might help:

npm install eslint-plugin-react@latest

answered Jun 27 '23 at 04:50

TonyCrypto44

1
3

or use yarn instead – TonyCrypto44 Jun 27 '23 at 04:51
Thank you so much for the help. Have already tried this but still get the same message of vulnerabilities. This started happening after I included the airbnb style guide – Asterisk Jun 27 '23 at 11:13

When I create a new project by using npm create vite@latest and do npm install, I get the following error

1 Answers1