-
Notifications
You must be signed in to change notification settings - Fork 10
node npm fix vulnerabilities tl;dr
Michael Hulse edited this page Dec 27, 2018
·
2 revisions
If you see:
$ npm install
npm WARN [email protected] No description
npm WARN [email protected] No license field.
added 173 packages from 120 contributors, updated 4 packages and audited 583 packages in 12.293s
found 17 vulnerabilities (16 moderate, 1 high)
run `npm audit fix` to fix them, or `npm audit` for details
Follow these steps to fix:
- Run
npm update
- Run
npm audit fix --force
- Run
npm audit
to make sure you’re up-to-date - Run
npm outdated
to see what needs updating - If packages are old, use
npm i <package-name>@latest
If you can’t update vulnerabilities because they are a part of another package’s dependencies, copy the output of npm audit
and create an issue on the parent repo’s issue tracker. If you can’t wait for a fix, either do the work yourself and make a PR, or find a new package sans vulnerabilities.