I created a new app using create-react-app 1 month ago, and recently I got this message from npm update:
80 moderate severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
npm audit gives me:
postcss 7.0.0 - 8.2.9
Severity: moderate
Regular Expression Denial of Service - https://npmjs.com/advisories/1693
fix available via `npm audit fix --force`
Will install react-scripts@2.1.8, which is a breaking change
I tried npm audit fix but nothing changed, and npm audit fix --force installs an older version of react-scripts (current 4.0.3 to 2.1.8), so it doesn't seem like a good solution.
npm install postcss@latest --save and npm install [email protected] --save don't change anything either.
What is the best way to fix this vulnerability?
This problem has been answered here: https://stackoverflow.com/a/67502823/8499653
The support for postcss 8 is already merged and will probably be released soon.
You can use the npm package npm-force-resolutions to temporarily fix this issue.
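A check to run after trying a fix like the one above: it walks a package-lock.json and lists every postcss copy still inside the range npm audit reports (7.0.0 - 8.2.9). This is an added example, not part of the original question or answer; the function names and the sample lockfile are constructed for illustration.

```javascript
// Advisory range copied from the npm audit output above: postcss 7.0.0 - 8.2.9.
const RANGE = { low: [7, 0, 0], high: [8, 2, 9] };

// "7.0.35" -> [7, 0, 35]; prerelease/build suffixes are ignored, unparseable -> null.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function inRange(version) {
  const v = parseVersion(version);
  return v !== null && cmp(v, RANGE.low) >= 0 && cmp(v, RANGE.high) <= 0;
}

// Handles both lockfile layouts: the flat "packages" map (lockfileVersion 2/3)
// and the nested "dependencies" tree (lockfileVersion 1/2). Results are de-duplicated.
function findVulnerablePostcss(lock) {
  const hits = new Set();
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/postcss") && inRange(pkg.version)) {
      hits.add(`${path}@${pkg.version}`);
    }
  }
  const walk = (deps, prefix) => {
    for (const [name, pkg] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "postcss" && inRange(pkg.version)) hits.add(`${path}@${pkg.version}`);
      walk(pkg.dependencies, `${path}/`); // nested copies pinned by a parent package
    }
  };
  walk(lock.dependencies, "");
  return [...hits].sort();
}

// Constructed sample lockfile (versions are illustrative, not from the page).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    postcss: { version: "8.2.10" },
    "css-loader": { version: "4.3.0", dependencies: { postcss: { version: "7.0.35" } } },
    "postcss-safe-parser": { version: "5.0.2", dependencies: { postcss: { version: "8.2.9" } } },
  },
};
console.log(findVulnerablePostcss(sampleLock));
```

To check a real project, pass the parsed contents of its package-lock.json instead of `sampleLock`; an empty result means no postcss copy in the lockfile is in the reported range.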