 

Found 4 vulnerabilities on npm install

I am just getting started with react-native. On installing this package

npm install --save react-native-validator-form 

https://github.com/NewOldMax/react-native-validator-form/issues/3

I was prompted to npm audit and I was shown 4 vulnerabilities (listed above)

After running the 2 helper commands, I was prompted with another 2 vulnerabilities (see link)

How can I fix the remaining issues?

Updating the respective npm packages didn't work.

Not sure how to proceed?

Dazzle asked May 09 '18 00:05



2 Answers

This is a result of the new npm version including the audit command.

It isn't some new issue with the Angular CLI; npm just introduced new functionality to warn users about vulnerabilities in the packages they're installing - so there's no "new" vulnerability in Angular, it's just that npm is now warning you about vulnerabilities that already existed:

https://blog.npmjs.org/

Most of the issues stem from Karma, so it'd need to be fixed there for the Angular team to pull in a new Karma version karma-runner/karma#2994

Herbert Bruno Oketayot answered Oct 11 '22 15:10


If you have run npm audit and got vulnerabilities, then you can have different scenarios:

Security vulnerabilities found with suggested updates

  • Run the npm audit fix subcommand to automatically install compatible updates to vulnerable dependencies.

  • Run the recommended commands individually to install updates to vulnerable dependencies. (Some updates may be semver-breaking changes; for more information, see "SEMVER warnings".)

Security vulnerabilities found requiring manual review

  • If security vulnerabilities are found, but no patches are available, the audit report will provide information about the vulnerability so you can investigate further.

Source: Reviewing and acting on the security audit report

Guillermo Chiacchio answered Oct 11 '22 14:10
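Added example, not code from the question, the answers, or npm itself: a small Node script that sorts an `npm audit --json` report into the three scenarios the answer above describes (auto-fixable, fixable only with a semver-breaking update, no patch available). It assumes the npm 7+ report shape, where each entry carries a `fixAvailable` field; the report, package names and versions are constructed for the example.

```javascript
// Constructed sample in the npm 7+ `npm audit --json` shape (assumed), with
// one package per scenario. Names and versions are made up.
const sampleReport = {
  vulnerabilities: {
    "sample-util": {
      name: "sample-util", severity: "high", isDirect: false, range: "<1.4.2",
      fixAvailable: true,                      // plain `npm audit fix` resolves it
    },
    "example-cli": {
      name: "example-cli", severity: "moderate", isDirect: true, range: "<=2.0.0",
      // patched only in a new major version: `npm audit fix` skips this
      fixAvailable: { name: "example-cli", version: "3.0.0", isSemVerMajor: true },
    },
    "orphaned-lib": {
      name: "orphaned-lib", severity: "critical", isDirect: false, range: "*",
      fixAvailable: false,                     // no patched version published
    },
  },
};

// Sort each vulnerability into the action a maintainer would take:
//   autoFix      - `npm audit fix` installs a compatible update
//   breakingFix  - a fix exists but crosses a major version (needs review/--force)
//   manualReview - no patch available; read the advisory and mitigate by hand
function triageAudit(report) {
  const result = { autoFix: [], breakingFix: [], manualReview: [] };
  for (const [name, vuln] of Object.entries(report.vulnerabilities || {})) {
    const fix = vuln.fixAvailable;
    const entry = { name, severity: vuln.severity, direct: Boolean(vuln.isDirect) };
    if (fix === true) {
      result.autoFix.push(entry);
    } else if (fix && typeof fix === "object") {
      const target = { ...entry, fixWith: `${fix.name}@${fix.version}` };
      (fix.isSemVerMajor ? result.breakingFix : result.autoFix).push(target);
    } else {
      result.manualReview.push(entry);
    }
  }
  return result;
}

// Stand-alone run: prints the triage so the reader can see which command
// (if any) would clear each finding.
console.log(JSON.stringify(triageAudit(sampleReport), null, 2));
```

To use it on a real project, replace `sampleReport` with `JSON.parse` of the output of `npm audit --json`.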