NPM install results in 720(!!) vulnerabilities.

Question

NPM install results in 720(!!) vulnerabilities.

Closed this issue 6 years ago · 5 comments

I mean, I use Gatsby to generate static files so it doesn't really matter but Jesus, this is by far the highest vulnerability count I've seen so far.

added 2151 packages from 1166 contributors and audited 29719 packages in 343.651s
found 720 vulnerabilities (603 low, 94 moderate, 21 high, 2 critical)
  run `npm audit fix` to fix them, or `npm audit` for details

The Gatsby tutorial repos have like 3-5 vulnerabilities.

How can we fix this?

Answer 1 · 2018-08-21T08:49:51.000Z

How about run `npm audit fix` ?

Answer 2 · 2018-08-21T09:05:23.000Z

Well, that was anticlimactic lol. Down to 3 vulnerabilities and 1 package update with breaking changes.

Answer 3 · 2018-08-21T10:02:49.000Z

Could you open a PR?

Answer 4 · 2018-08-21T11:04:43.000Z

With what exactly? Just the npm audit fix or the fix for the breaking changes?

Answer 5 · 2018-08-21T11:21:37.000Z

Preferably everything. I would say a good start are your local changes.