Found 4 vulnerabilities on npm install

reactjs security react-native npm
160,029

Solution 1

This is a result of the new npm version including the audit command.

It isn't some new issue with the Angular CLI, npm just introduced new functionality in npm to warn users about vulnerabilities in the packages they're installing - so there's no "new" vulnerability in Angular, it's just that now npm is now warning you about vulnerabilities that already existed:

https://blog.npmjs.org/

Most of the issues stem from Karma, so it'd need to be fixed there for the Angular team to pull in a new Karma version karma-runner/karma#2994

Solution 2

If you have ran npm audit and got vulnerabilities, then you can have different scenarios:

Security vulnerabilities found with suggested updates

  • Run the npm audit fix subcommand to automatically install compatible updates to vulnerable dependencies.

  • Run the recommended commands individually to install updates to vulnerable dependencies. (Some updates may be semver-breaking changes; for more information, see "SEMVER warnings".)

Security vulnerabilities found requiring manual review

  • If security vulnerabilities are found, but no patches are available, the audit report will provide information about the vulnerability so you can investigate further.

Source: Reviewing and acting on the security audit report

Solution 3

Even after running npm audit fix if it is not fixed, then to proceed I think you should Turn off npm audit. Use below command to turn off npm audit.

when installing a single package.

npm install example-package-name --no-audit

To turn off npm audit when installing all packages

npm set audit false

it will set the audit setting to false in your user and global npmrc config files.

for reference visit : turn-off-npm-audit

Hope it will help and you can proceed to your work :) Happy codding

Solution 4

I had the same issue and log was like below:

Testing binary
Binary is fine
added 1166 packages from 1172 contributors and audited 39128 packages in 112.505s
found 1 high severity vulnerability

I executed the below command and it was fixed.

npm audit fix

log shows as below:

Testing binary
Binary is fine
+ @angular-devkit/[email protected]
added 18 packages from 47 contributors, removed 14 packages and updated 52 packages in 64.529s
fixed 1 of 1 vulnerability in 39128 scanned packages

Solution 5

I faced the same issue while installing react-native navigation, using:

npm install react-navigation

For me, npm audit-fix didn't worked well. npm use to have some limitations. For me, yarn worked:

yarn add <package-name>
Share:
160,029
Dazzle
Author by

Dazzle

Updated on July 23, 2022

Comments

  • Dazzle
    Dazzle almost 2 years

    I am just getting started with react-native. On installing this package

    npm install --save react-native-validator-form

    https://github.com/NewOldMax/react-native-validator-form/issues/3

    I was prompted to npm audit and I was shown 4 vulnerabilities (listed above)

    After running the 2 helper commands, I was prompted with another 2 vulnerabilities (see link)

    How can I fix the remaining issues?

    Updating the respective npm packages didn't work.

    Not sure how to proceed?

  • Kevin Gagnon
    Kevin Gagnon over 5 years
    OP never mentioned he was on Windows. Also, how will having higher permissions on the project fix vulnerabilities in the dependencies.
  • Andre Ravazzi
    Andre Ravazzi almost 5 years
    You should never ever run npm install with administrative privileges! You should change the folder privileges, not the command. Check this
  • William
    William over 2 years
    So what is the fix?
  • Ale DC
    Ale DC about 2 years
    that is a dangerous practice. Don't do that.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Error: Cannot find module "react-native" / Module not found: Error: Cannot resolve module 'react-native-web'
bundling failed: Error: Cannot find module 'babel-preset-react-native-stage-0/decorator-support'
React Native - __DEV__ is not defined
Cannot read property 'string' of undefined | React.PropTypes | LayoutPropTypes.js
Cannot uninstall webpack from react-script
How to fix npm audit fix issues?
react-native, bundling failed
How to fix npm start "cannot determine native SDK version" error?
React Native: No propType for native prop RCTView.maxHeight
firebase emulator with real devices