Questions tagged [npm-audit]

`npm audit` is a command in the npm CLI that runs a security audit on a project/package to check for any known vulnerabilities.


132 questions
1 vote, 0 answers

Can't fix Cryptiles - Insufficient entropy error

Trying to deploy a nodejs app to Heroku. From npm audit I am getting an error, Cryptiles - insufficient entropy error. It is apparently patched in version 4.1.2, so I tried to install that with "npm i cryptiles@4.1.2" but the error remains. I also…
Coco12
1 vote, 1 answer

create-react-app installs with reported NPM vulnerabilities, should I do something?

I am new to ReactJs and started setting up a new project with `$ npx create-react-app`. It completed but reported some vulnerabilities like the following. Could anyone help me with what would be the best practice to handle this or we could…
1 vote, 0 answers

How to resolve npm vulnerability with npm as the dependent package involved?

So I run npm audit and all of the vulnerabilities are due to some dependency in npm, particularly node-gyp which is using a vulnerable version of tar. Note that I don’t have node-gyp in my…
catandmouse
1 vote, 1 answer

VUE.JS template not showing up

I have created a template for chat module. It was working fine yesterday but today there were some issues in some npm module so I ran the command npm audit fix --force and after that command is finished my chat template or any VUE template stops…
Mohsin Abbas
1 vote, 1 answer

npm install vulnerabilities are different for different projects

Why would installing the same node package on two different projects lead to two different audit results? One has no vulnerabilities, one has two. I can edit this description with information about the projects as needed. One project contains no…
F. Lumley
1 vote, 0 answers

Are there TypeScript typings for npm audit?

I want to type the resulting JSON from npm audit --json with TypeScript. I tried npm install @types/npm --save-dev, but didn't see anything relevant there. Here's what I created for now: /** * @author Ian Campbell * * IAudit.ts */ // begin:…
Ian Campbell
1 vote, 3 answers

The serve command requires to be run in an Angular project, but a project definition could not be found in Angular 4

I have cloned one of my old projects from GitHub and tried to install node_module and found some vulnerabilities. To fix them I ran the following command: npm audit fix. There were still some more vulnerabilities, so I ran the forced fix command npm…
Abhishek T.
1 vote, 1 answer

Is GulpJS 3.9.1 safe to use on a local network?

I've been using Gulp for a while now and recently I noticed that there are security warnings when I install or update packages. I run the audit and get a lot of information but I'm not sure if this is in particular to use in a production server or…
David
1 vote, 2 answers

Nothing changes after executing the suggestion from npm audit

npm version 6.0.1. Run npm audit. Like many projects, we have some vulnerabilities in ours. The first thing the report suggests is: `# Run npm update fsevents --depth 4 to resolve 65 vulnerabilities`. I did this several times, decrementing the number of…
eKelvin
0 votes, 0 answers

react-router-dom 6 high severity vulnerabilities

I want to install react-router-dom but when I install it, I see security vulnerability warnings. Running npm audit in terminal gave me this: npm audit # npm audit report nth-check <2.0.1 Severity: high Inefficient Regular Expression Complexity in…
Fatma
0 votes, 0 answers

How to fix vulnerabilities in semver and expo@44.0.6 in npm audit report?

I'm facing security vulnerabilities in my npm audit report, specifically related to semver (versions 7.0.0 - 7.5.1) and expo@44.0.6, both rated as moderate severity. Here are the details from the npm audit report: audit report: semver 7.0.0 -…
0 votes, 1 answer

Difference between checkmarx scan and npm audit

How are the vulnerabilities detected using checkmarx scan? How is it different from vulnerabilities identified by running npm audit? How does npm audit work? The above post describes that npm audit gets the vulnerabilities by checking the security…
ani
0 votes, 0 answers

NPM audit fix does not fix reported vulnerabilities

Hello and thanks for your time. I performed the following npm audit in an angular application. The 'fix available' section states that the issues can be addressed via 'npm audit fix' or 'npm audit fix --force'. I have done so, and no matter which…
midasxl
0 votes, 0 answers

What is the proper way to repair npm vulnerabilities in a project?

How do I fix the npm audit warnings? npm warnings. What is the best practice to repair this? I'm new to programming and this is my first question, please understand and reply in detail :) I'm trying npm audit fix --force but after this I have more warnings…
0 votes, 1 answer

Angular project has 2 high severity vulnerabilities

The question I have is whether this warning is unique to me or if I can ignore this error. ng version When I create a project using the command ng new projectName, and then check the package integrity using npm audit this is the result I get The…