Unable to fix npm vulnerabilities

Question

I am getting 6 vulnerabilities after running npm audit report:

I tried a solution and overridden the vulnerable versions of a particular package with their latest versions in package.json file like this:

"overrides": {
    "nth-check": "2.1.1",
    "@svgr/webpack": "6.5.1",
     "@svgr/plugin-svgo": "6.5.1",
     "svgo": "3.0.1",
     "css-select": "5.1.0"
  }

Then I updated the npm packages with npm update. But it did not change the result.

Tried another solution by making a resolution object in package.json and specified specific versions of a particular package, and ran it using npx i npm-force-resolutions but it gives this error:

npm ERR! could not determine executable to run.

But I am still unable to fix the npm vulnerabilities. Please help!

Answer 1

You should delete both node_modules and package-lock.json before launching npm install again; this will require more time to install all dependencies, but this will override all the version that are currently installed (it will bring also minor updates in dependencies).

Also, for this vulnerability, you only need to override nth-check. You can see the changes by executing npm list nth-check with and without the override (remember to delete both node_modules and package-lock.json).