Questions tagged [npm-vulnerabilities]

52 questions
0 votes, 1 answer

Expo npm packages vulnerabilities not fixable

I've been trying to fix the vulnerabilities of a few packages in my React Native Expo project for a few hours now, but nothing seems to work. I've tried npm update, npm audit fix --force, npm update dep@latest, changing the version of dep with…
Mark
  • 11
0 votes, 1 answer

Security Vulnerabilities After Installing some NPM Packages in ReactJS Project

So, I'm learning to create a react app that uses a CSS framework like materialize and bootstrap. I use 2 different versions of npm to create the react js app. The first one is npm 6 and the second one is npm 9. When I installed materialize or…
0 votes, 0 answers

Getting critical vulnerability after adding some modules to Dockerfile

` FROM php:8.1-apache RUN apt-get update ... ... RUN docker-php-ext-install mysqli pdo_mysql && docker-php-ext-enable mysqli pdo_mysql **RUN docker-php-ext-install exif && docker-php-ext-enable exif RUN apt-get update && apt-get install -y…
0 votes, 1 answer

Unable to fix npm vulnerabilities

I am getting 6 vulnerabilities after running npm audit report: I tried a solution and overrode the vulnerable versions of a particular package with their latest versions in the package.json file like this: "overrides": { "nth-check": "2.1.1", …
Waleed Farrukh
  • 205
  • 1
  • 10
0 votes, 0 answers

express npm version is showing as vulnerable

In my projects, the express npm package is showing as vulnerable. I checked with the 4.17.1 and 4.18.1 packages. Please can you help, express npm version is showing as vulnerable. Tried upgrading the express npm version from 4.17.1 to 4.18.1 but it still shows…
0 votes, 1 answer

NodeJs: How do I fix package vulnerabilities dependent on another npm package?

How do I sort out npm vulnerabilities dependent on another package? For example, I am getting the below error where the package undici is dependent on the prismix package. Things I have tried: Running npm audit fix Prismix is already updated to the…
Teknoville
  • 459
  • 1
  • 7
  • 18
0 votes, 0 answers

How to execute an already completed reactjs project in my local system? How to solve the vulnerabilities in a reactjs project?

I got a project from my client in which the backend is lumen and the front end is reactjs and I want to do the enhancements on that. Lumen gets installed successfully. But I failed to install the reactjs project. When I executed "npm install"…
Maya
  • 1
  • 1
0 votes, 0 answers

Dependabot alerts: severity vulnerabilities not resolving for those npm audit showing No fix available

After doing the npm audit, most of them were resolved by the npm audit fix, but some got No Fix Available. For those, I tried installing that dependency but could not resolve it. See this screenshot of the audit report
0 votes, 0 answers

Override Internal Dependency in Node 14

I was fixing vulnerabilities in a project for which I needed to override some internal dependencies. I used Override:{} to override those dependencies, but just now, I came to know that I could not use Node 16, and I need to fix these issues by…
0 votes, 1 answer

How to fix the Prisma vulnerability created by json2xls

I am using the json2xls v0.1.2 package. It is creating a Prisma vulnerability. Is there any way that I can fix it? npm audit result is as below. === npm audit security report === …
user0999
  • 23
  • 2
0 votes, 1 answer

Which package can be an alternative for mongoose dummy

const dummy = require('mongoose-dummy'); I want to replace this package with a similar one in my code; its dependent modules mpath and uuid are creating issues. Is there any alternative package?
Trang D
  • 333
  • 5
  • 16
0 votes, 3 answers

"found 1 moderate severity vulnerability" warning every time I run npm install

I am trying to install axios for a MERN app but every time I use "npm install" it gives me this: npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.3.2 (node_modules\fsevents): npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported…
0 votes, 1 answer

How can I find the NPM package that is blocking a nested dependency from updating?

When I run npm audit it tells me I have a critical vulnerability in lodash. When I run npm ls lodash I have 47 instances of lodash being deduped. How can I tell which of my dependencies are holding on to the vulnerable version?
linuxdan
  • 4,476
  • 4
  • 30
  • 41
0 votes, 1 answer

High severity vulnerabilities npx create-react-app

I'm getting the above-mentioned error and it says to address all issues (including breaking changes), run audit fix --force. When I run the npm audit command, it gives the following details: npm WARN config global `--global`, `--local` are deprecated. Use…
Jyothi
  • 29
  • 4
0 votes, 1 answer

Is there any fix available for Dicer vulnerability with Firebase admin?

I am trying to deploy my Firebase app using GitHub actions. I am running the below commands for the same: npm install npm audit fix npm install firebase-tools@10.9.2. It was working perfectly till 10 days back; now suddenly I am getting the below issue: Crash…