0

I want to install react-router-dom but when I install it, I see security vulnerability warnings. Running npm audit in terminal gave me this:

npm audit
# npm audit report

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@2.1.3, which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo
      @svgr/plugin-svgo  <=5.5.0
      Depends on vulnerable versions of svgo
      node_modules/@svgr/plugin-svgo
        @svgr/webpack  4.0.0 - 5.5.0
        Depends on vulnerable versions of @svgr/plugin-svgo
        node_modules/@svgr/webpack
          react-scripts  >=2.1.4
          Depends on vulnerable versions of @svgr/webpack
          node_modules/react-scripts

6 high severity vulnerabilities

If you think to say use npm audit fix --force I tried it and changed to 80 vulnerabilities (13 low, 20 moderate, 41 high, 6 critical) so it didn't work!

How can I fix this 6 high severity vulnerabilities?

Drew Reese
  • 165,259
  • 14
  • 153
  • 181
Fatma
  • 1
  • 2
  • 3
    1. That's nothing to do with react-router (note that's not mentioned _anywhere_ in what you've posted. 2. https://github.com/facebook/create-react-app/issues/11174 – jonrsharpe Aug 01 '23 at 19:44
  • Also, use extreme caution when applying the `--force` flag as this will bump major versions of dependencies which may introduce breaking changes in dependencies into your app. – Drew Reese Aug 01 '23 at 20:11

0 Answers0