Questions tagged [npm-audit]

`npm audit` is a command in the npm CLI that runs a security audit on a project/package to check for any known vulnerabilities.

132 questions
3 votes, 2 answers

Do changes made by npm audit fix persist after pushing the code to git repo?

I recently discovered the npm audit feature and ran the command to find vulnerabilities in a project I'm working on. Came across a bunch of them (over 100). npm suggests that running npm audit fix will fix all vulnerabilities except those which…
animesharma
2 votes, 0 answers

NPM audit fix stuck in a loop

I have a package.json (some private data removed) as follows: { "dependencies": { "@fluentui/react": "^8.49.6", "@testing-library/react": "^12.1.2", "@testing-library/user-event": "^13.5.0", "@types/node": "^17.0.8", …
alphadmon
2 votes, 1 answer

Inefficient Regular Expression Complexity in nth-check - during npm i react-router-dom

New and naive to react. I was trying to run the command "npm I react-router-dom" but when I did it cancelled the download and gave these errors. I did come across this link to some type of "solution": …
2 votes, 0 answers

Does it make sense to use Retire.js library for vulnerabilities scanning or should it be enough to simply run npm audit

I'm trying to add some tools to my application for security scanning and I came across this tool, Retire.js. I wasn't sure whether it makes sense to add it to my application, since from briefly reading documentation for both Retire.js and npm audit I got…
Konstantink1
2 votes, 1 answer

npm audit fix not updating package.json

I want to fix one vulnerability and after a lot of hit and trial, I want to use the fix given by npm audit fix. The npm audit says: # Run npm update mkdirp --depth 8 to resolve 10…
user124
2 votes, 0 answers

Nuxtjs issue after updating: TypeError: module.test is not a function

I am developing an application using Vuejs/Nuxtjs and I was using the "nuxt": "^2.2.0", and everything was working perfectly. I was having some vulnerability issues in npm audit so I tried to fix them using the command npm audit fix --force during…
BATMAN_2008
2 votes, 0 answers

Understanding and handling Angular npm audit fixes and dependencies

I need some help understanding and properly correcting the vulnerabilities I see when I run an npm audit (or just npm install) on my Angular project. I just updated from Angular v12 to v13 and there were several vulnerabilities listed. Note, I…
TonyE
2 votes, 1 answer

npm audit fix vs npm install

There is something I don't understand with how npm audit fix works. From the docs: npm audit fix runs a full-fledged npm install under the hood So why when I run npm install and see audit vulnerabilities do I have to run npm audit fix manually to…
nrofis
2 votes, 2 answers

How to resolve npm audit vulnerabilities? Angular fresh project

I am creating a new Angular project with ng new foobar - 47 vulnerabilities Then I update: ng update @angular/cli @angular/core - 39 vulnerabilities I don't know how to resolve this issue. When I run npm audit I get two blocks of information and as…
hdw3
2 votes, 2 answers

How to fix NPM vulnerabilities

When running npm audit, it says I have 87 vulnerabilities. npm audit fix and npm audit fix --force do not fix the issues. Here is the output for the main problems on npm audit fix. browserslist 4.0.0 - 4.16.4 Severity: moderate Regular Expression…
Cole Ogrodnick
2 votes, 0 answers

npm audit fix removes integrity value for ssri package

I just ran npm audit fix and after that checked the changes in package-lock.json. before npm audit fix: "ssri": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/ssri/-/ssri-6.0.1.tgz", "integrity":…
stefan.at.kotlin
2 votes, 1 answer

Why can't I get the latest version of postcss

I'm using vue-cli which has the dependency of postcss. When I run npm audit I get warnings that postcss has vulnerabilities and I have to upgrade to some newer version. How do I do this? I tried npm update, npm update -D, npm update -D…
Harm
2 votes, 1 answer

npm audit return 400 Bad Request

When I run npm audit I get npm audit npm ERR! code ENOAUDIT npm ERR! audit Your configured registry (http://registry.npmjs.org/) may not support audit requests, or the audit endpoint may be temporarily unavailable. npm ERR! audit The server said:…
Learner
2 votes, 0 answers

NPM audit not finding vulnerabilities

I have a CI service that runs npm audit on every build and notifies if there are high-risk vulnerabilities. The strange thing is when CI reports high vulnerabilities when I run npm audit locally, it says found 0 vulnerabilities. It will find the…
nrofis
2 votes, 1 answer

How does one declare a security vulnerability in an npm package as the maintainer and publisher?

When I find a security vulnerability in one of my own published packages, how can I flag a range of susceptible versions, so that downstream consumers will be notified when they run npm audit?
ChaseMoskal