When running npm audit, it says I have 87 vulnerabilities. npm audit fix and npm audit fix --force do not fix the issues.
Here is the output for the main problems on npm audit fix.
browserslist 4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service
dns-packet <5.2.2
Severity: high
Memory Exposure - https://npmjs.com/advisories/1745
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
postcss 7.0.0 - 8.2.9
Severity: moderate
Regular Expression Denial of Service
upon further inspection in package-lock.json here is the dns-packet:
"dns-packet": {
"version": "1.3.1",
"resolved": "https://registry.npmjs.org/dns-packet/-/dns-packet-1.3.1.tgz",
"integrity": "sha512-0UxfQkMhYAUaZI+xrNZOz/as5KgDU0M/fQ9b6SpkyLbk3GEswDi6PADJVaYJradtRVsRIlF1zLyOodbcTCDzUg==",
"requires": {
"ip": "^1.1.0",
"safe-buffer": "^5.0.1"
}
},
It says on npm documentation that the latest version of dns-packet should be 5.2.3. I tried deleting package-lock.json and node modules and running npm install but that did not work. Here is what npm install spits out:
npm WARN deprecated [email protected]: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated [email protected]: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated [email protected]: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated [email protected]: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated @hapi/[email protected]: Moved to 'npm install @sideway/address'
npm WARN deprecated [email protected]: This package has been deprecated and is no longer maintained. Please use @rollup/plugin-babel.
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/[email protected]: Switch to 'npm install joi'
npm WARN deprecated [email protected]: core-js@<3.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.
At this point I have no idea what the problem is. I hadn't installed anything for a while. Went to go install redux and react-redux and it started telling me there were vulnerabilities. Not sure where to go from here.
edit: I ran npm i npm@latest and shows this in the console:
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! Found: @babel/[email protected]
npm ERR! node_modules/@babel/core
npm ERR! @babel/core@"7.12.3" from [email protected]
npm ERR! node_modules/react-scripts
npm ERR! react-scripts@"4.0.3" from the root project
npm ERR! @babel/core@"^7.12.3" from @svgr/[email protected]
npm ERR! node_modules/@svgr/webpack
npm ERR! @svgr/webpack@"5.5.0" from [email protected]
npm ERR! node_modules/react-scripts
npm ERR! react-scripts@"4.0.3" from the root project
npm ERR! 9 more (babel-jest, babel-loader, ...)
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer @babel/core@"^7.13.0" from @babel/[email protected]
npm ERR! node_modules/@babel/preset-env/node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
npm ERR! @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@"^7.13.12" from @babel/[email protected]
npm ERR! node_modules/@babel/preset-env
npm ERR! @babel/preset-env@"^7.12.1" from @svgr/[email protected]
npm ERR! node_modules/@svgr/webpack
npm ERR! @svgr/webpack@"5.5.0" from [email protected]
npm ERR! node_modules/react-scripts
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
the possible solution is to update all node modules don't forget to take a backup of your packages.json file