henrikhb/bootstrap-4-boilerplate

Vulnerabilities after npm install

Closed this issue · 6 comments

Hi, I get the following message in the terminal after doing npm install:

found 24 vulnerabilities (7 low, 13 moderate, 4 high) in 1941 scanned packages

Is it normal? Can I fix it?

Thank you in advance.

This is a problem of npm, not of the repo. Try to run npm audit fix to fix it.

Will do thanks for the help :)

Hi there! I just ran npm audit fix in the repo as well. It fixed all the vulnerabilities that could be fixed without breaking functionality. So some of the npm packages have been updated if you fetch the latest package.json.

It doesn’t matter because we will run npm install on installation. And node_modules is ignored by .gitignore and it’s correct like that.
Anyone should run npm audit fix on their machine.

Well yes the node_modules directory is ignored, however package.json specifies which npm packages to install. So the next person using this repo will not get all of the security warnings, since I pushed the updated package.json file after running npm audit fix.
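The two points made in this thread, that `npm audit` counts are what matter and that a fixed package.json is what other users inherit, can be checked mechanically. The following is an added example, not code from this repo or its maintainers: it parses the `metadata.vulnerabilities` section that `npm audit --json` emits (a real field; the counts below are constructed to match the 7/13/4 reported above), applies a severity gate, and diffs a before/after package.json to show which pins `npm audit fix` changed. The `fail_at` parameter and both package.json snippets are assumptions for illustration.

```python
import json
from typing import Dict, Tuple

# Constructed sample mirroring the counts reported in this issue
# (7 low, 13 moderate, 4 high). Real `npm audit --json` output carries
# many more fields; only metadata.vulnerabilities is needed for a gate.
SAMPLE_AUDIT_JSON = json.dumps({"metadata": {"vulnerabilities": {
    "info": 0, "low": 7, "moderate": 13, "high": 4, "critical": 0, "total": 24}}})

# Constructed package.json fragments: before and after `npm audit fix`.
# Package names and versions are placeholders, not this repo's real pins.
PKG_BEFORE = json.dumps({"dependencies": {"example-lib": "^1.0.0"},
                         "devDependencies": {"example-tool": "^2.1.0"}})
PKG_AFTER = json.dumps({"dependencies": {"example-lib": "^1.0.0"},
                        "devDependencies": {"example-tool": "^2.4.1"}})

SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"]


def parse_counts(audit_json: str) -> Dict[str, int]:
    """Per-severity counts from `npm audit --json` output (missing keys -> 0)."""
    counts = json.loads(audit_json).get("metadata", {}).get("vulnerabilities", {})
    return {sev: int(counts.get(sev, 0)) for sev in SEVERITY_ORDER}


def audit_gate(audit_json: str, fail_at: str = "high") -> Tuple[bool, str]:
    """Pass only if no finding is at or above `fail_at`; lower ones are reported."""
    counts = parse_counts(audit_json)
    blocking = sum(counts[s] for s in SEVERITY_ORDER[SEVERITY_ORDER.index(fail_at):])
    summary = ", ".join(f"{counts[s]} {s}" for s in SEVERITY_ORDER if counts[s])
    if blocking:
        return False, f"blocked: {blocking} finding(s) >= {fail_at} ({summary})"
    return True, f"ok: no findings >= {fail_at} ({summary})"


def changed_dependencies(before_json: str, after_json: str) -> Dict[str, Tuple[str, str]]:
    """Map of package -> (old range, new range) for pins that audit fix rewrote.
    This is the diff the next user inherits once package.json is committed."""
    before, after = json.loads(before_json), json.loads(after_json)
    changes = {}
    for section in ("dependencies", "devDependencies"):
        old, new = before.get(section, {}), after.get(section, {})
        for name in sorted(set(old) | set(new)):
            if old.get(name) != new.get(name):
                changes[name] = (old.get(name), new.get(name))
    return changes


if __name__ == "__main__":
    print(audit_gate(SAMPLE_AUDIT_JSON)[1])
    print(changed_dependencies(PKG_BEFORE, PKG_AFTER))
```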

Oh fine! Nice