Questions tagged [npm-audit]

`npm audit` is a command in the npm CLI that runs a security audit on a project/package to check for any known vulnerabilities.

132 questions
11 votes, 2 answers

How does npm audit work?

I'm trying to understand how the npm audit command works. By which algorithm does it decide that there is a problem, and, most importantly, how does it differentiate the levels low / moderate / high / critical?
Stepan Suvorov
11 votes, 1 answer

How to fix npm audit packages that require manual review

I recently pushed an update on our site to our server which somehow caused it to become infected and a bunch of our files to get corrupted, users to start getting redirected to random sites, etc. Apparently this was caused by one of our…
user5489654
8 votes, 1 answer

How to leverage npm audit?

TLDR: Is it possible to leverage the vulnerability detection abilities of npm audit as a restful service instead of the current CLI implementation? npm provides automatic vulnerability scanning on every install request against the Node Security…
Nathan
8 votes, 2 answers

Need help understanding hashes in `npm audit` output

In my npm audit output I saw the following entry with a hash: ├───────────────┼─────────────────────────────────────────┤ │ Path │ 050fb87979f5c6895917ef26a696d57ebf3cf1… │ │ │ > mocha > growl …
Justin Zhang
8 votes, 1 answer

Error: Can't resolve 'stream' in .... papaparse

I'm getting this error using ngx-papaparse in Angular. It was working, I then tried adding jQuery to my project, and in the process was warned of security issues, so I followed instructions and tried npm audit fix. In the process something seems to…
Jim Willey
7 votes, 3 answers

Fixing NPM vulnerabilities

I am following a TypeScript tutorial. Unfortunately, the packages are outdated and I got a warning about vulnerabilities. I followed a bunch of suggestions from npm check and update package if needed, namely: npm audit fix npm audit fix --force npm…
7 votes, 2 answers

The command npm audit-level is not working when trying to change level to high

I have a front-end app with NodeJS and I am trying to make the npm audit break only on high or critical vulnerabilities, so I tried to change the audit-level as specified in the documentation, but it would still return the low vulnerabilities as you…
6 votes, 2 answers

How to update nested package ansi-regex for node-sass, when npm audit fix / update / shrinkwrap manual alteration don't work?

There is a full breakdown on npm audit below. So far we have tried npm audit fix with depth, we have tried to shrinkwrap and manually change the relevant version numbers to the GitHub suggested version fixed (6.0.1). npm install resets the packages…
Cheetara
6 votes, 0 answers

Running npm audit gives unexpected audit report format

I have been reading the npm docs regarding npm audit. It is supposed to return something like this: But instead it returns this: Why am I getting a different format? All the docs and tutorials online do not show what I am seeing, which makes it…
TinyTiger
6 votes, 1 answer

npm audit fix --force never able to avoid vulnerabilities

I'm stuck in a situation where I've either got 22 vulnerabilities or 47. I can run npm audit fix but I'm always suggested to run the --force switch in order to actually perform an upgrade. From there I can either upgrade and get 22 vulns and then I…
edumike
6 votes, 2 answers

How to display the results of npm audit in Jenkins and fail the build

I would like to run the npm command npm audit as part of the CI build and somehow display the output in a Jenkins CI build. If a critical vulnerability is found, I would like to fail the current build by returning a non-zero exit code.
dagda1
6 votes, 1 answer

Update transitive dependency

I run npm audit and I get a message that assign-deep has a vulnerability but it was fixed in 1.0.1. Unfortunately this is a transitive dependency. Is there a way to update this transitive dependency so it uses v1.0.1? └─┬ update@0.7.4 └─┬…
OscarRyz
5 votes, 1 answer

How to ignore a package during npm audit?

My npm audit report shows handsontable as "no fix available". I am trying to ignore the handsontable package by running npm audit --ignore handsontable or npm audit --ignore=handsontable It is not ignoring the package. Is there any flag to ignore…
5 votes, 2 answers

Why are some npm packages listed in lock-file but not the package.json file?

I ran npm audit and it's warning me to update some of the packages. However the packages it's warning me about, such as chokidar, are not listed in my package.json. So what does this mean? How do I perform an update if the package is not listed in the…
coding1223322
5 votes, 2 answers

ReactJS : Moderate severity vulnerabilities while running create react-app

While running npx create-react-app my-app, I am getting 10 moderate severity vulnerabilities. Not able to fix even after running npm audit fix or npm audit fix --force. When I run npm audit fix --force I get 44 more vulnerabilities (25 low, 5…
Jishnu Mk