Questions tagged [npm-audit]

`npm audit` is a command in the npm CLI that runs a security audit on a project/package to check for any known vulnerabilities.


132 questions
1
vote
1 answer

Only show critical errors of NPM audit on Azure Pipeline build

I am using NPM audit on my Azure Pipeline build using the following custom command: `npm audit --registry=https://registry.npmjs.org/ | Select-String -Pattern ( "Critical") -Context 0,10` The idea here is that I only want to fail this step if there…
1
vote
0 answers

npm audit fails cannot find package-lock

I have this configuration:

```
$ node -v
v16.13.0
$ npm -v
8.1.2
$ npm config get shrinkwrap
true
$ npm config get package-lock
true
```

FWIW I'm on macOS 10.15.17 and Node.js is installed via MacPorts. When I run npm install or npm install…
David Herron
1
vote
0 answers

npm audit fix causes cascading vulnerabilities

See this console output with npm. First, when I run npm audit it tells me I need to downgrade from react-scripts@4.0.3 to react-scripts@3.4.4 because of supposed vulnerabilities with the newer version? So I follow the advice of npm and run npm audit…
notacorn
1
vote
1 answer

ReactJs : npm error with respect to node-sass

While trying to run npm audit fix and npm audit fix --force to fix a few vulnerabilities in a sample react app, I came about this error which I am not able to find a fix for. Can I get some help with regards to this? I am new to reactjs and I am…
Jishnu Mk
1
vote
0 answers

Cannot fix last 2 vulnerabilities in npm audit. "npm audit fix --force" not helping

I'm pretty stuck on how to fix this. So my CI is not letting me check in, as a node package audit check comes back more than moderate; our policy fails the build: `audit-ci --moderate` Out of the blue today I got a bunch of high severity…
friartuck
1
vote
1 answer

I have 5 moderate severity vulnerabilities when I checked the npm audit

How can I fix these errors given below?

```
$ npm audit
# npm audit report

glob-parent <5.1.2
Severity: moderate
Regular expression denial of service - https://npmjs.com/advisories/1751
No fix…
```
1
vote
1 answer

npm audit --force is not recommended if you are not expert. What to do then? Is my app on production insecure?

I am new to Angular and when I was doing the typical npm install I found the also usual (at least for me) warnings like these: found 42 vulnerabilities (40 moderate, 2 high) run `npm audit fix` to fix them, or `npm audit` for details After…
user6791921
1
vote
3 answers

How to fix npm vulnerabilities? I tried two methods, problems persist

I am making a React app. I npm installed bootstrap, vulnerabilities popped up afterwards. Here is an example of two items from npm audit What I tried: I installed and ran npm-check-updates, which updated a few modules, but the problems persist. I…
Clueless
1
vote
1 answer

How to resolve dependency tree NPM

I'm working on a react project where I'm getting 101 vulnerabilities (Severity: 95 Moderate | 6 High). Npm/yarn audit fix does not work because all of these have transitive dependencies. I cannot fix them directly cause they give me breaking…
user14981754
1
vote
0 answers

Severity vulnerability - npm- laravel 8 packages and dependency

```
High            Denial of Service
Package         css-what
Patched in      >=5.0.1
Dependency of   laravel-mix [dev]
Path            laravel-mix > cssnano > cssnano-preset-default > postcss-svgo > svgo >…
```
1
vote
3 answers

Npm audit issue, keeps getting error again and again

I keep getting this issue in my new GitHub repo. I cleaned the cache and installed npm again, but nothing seems to work now. What should I do? How can I fix this? Even if I do npm audit fix, it returns with the following code again and again. up to date, audited…
user14867981
1
vote
1 answer

Forked a react tutorial repo from github and after npm install found 1 critical issue among others. Just ignore or run npm audit fix?

I am following a tutorial on youtube and forked the repo. After running npm install I get the following: found 45634 vulnerabilities (42263 low, 21 moderate, 3349 high, 1 critical) in 1547 scanned packages run `npm audit fix` to fix 45333 of…
Aaron
1
vote
1 answer

NPM Audit on private package in artifactory

Is there a way to run npm audit on the private packages in Artifactory? Currently Artifactory is running npm audit on the packages downloaded from the remote repository (NPM public registry). But we want to scan the packages developed internally as…
Ananth Francis
1
vote
0 answers

why npm-audit fails for react-native-unimodule

I am trying to run npm audit on my react-native project which originally was an expo project and ejected to bare workflow. When I run npm audit, I get npm ERR! code ELOCKVERIFY npm ERR! Errors were found in your package-lock.json, run npm install …
Kamrul
1
vote
0 answers

How do I quickly find the proper fixes for the dependency chain suggested by npm audit?

I'm participating in an Open Source project which currently uses phantom.js as a dev dependency. npm audit shows that phantom.js has 13 vulnerabilities and some dependency chains are somewhat long: Moderate Prototype Pollution Package …
YakovL