0

I've been testing working with React & Node.js, but as I'm still very new, I'm unsure of how to resolve the errors I'm receiving below.

I've already tried addressing them with npm audit fix and npm audit fix --force to no avail.

I also tried uninstalling request and the same errors pop up.

Thank you!

(in root)

request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
No fix available
node_modules/request
  fuel-auth *
  Depends on vulnerable versions of request
  node_modules/fuel-auth
    fuel-rest *
    Depends on vulnerable versions of fuel-auth
    Depends on vulnerable versions of request
    node_modules/fuel-rest

3 moderate severity vulnerabilities

(in client)

Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/@svgr/plugin-svgo/node_modules/nth-check
  css-select <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/@svgr/plugin-svgo/node_modules/css-select
    svgo 1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/@svgr/plugin-svgo/node_modules/svgo
      @svgr/plugin-svgo <=5.5.0
      Depends on vulnerable versions of svgo
      node_modules/@svgr/plugin-svgo
        @svgr/webpack 4.0.0 - 5.5.0
        Depends on vulnerable versions of @svgr/plugin-svgo
        node_modules/@svgr/webpack
          react-scripts >=2.1.4
          Depends on vulnerable versions of @svgr/webpack
          node_modules/react-scripts

6 high severity vulnerabilities

Tried so far: npm audit fix, npm audit fix --force, uninstalling packages

2
  • I got the errors in the client dir to resolve by using npm update instead of npm install name@latest. Commented Apr 2, 2023 at 13:50
  • Resolved the second set of errors by installing request globally. Commented Apr 2, 2023 at 14:02

1 Answer

0

npm audit is not a useful tool for determining real vulnerabilities in your code. The TL;DR is that it will display "high severity" issues that do not actually exist in your application, most of the time.

See: https://overreacted.io/npm-audit-broken-by-design/ and What does "npm audit fix" exactly do?


1 Comment

Got it, thanks for mentioning this. It keeps giving me the same errors every now & then related to svgo and css-select, but this seems to be a recurring theme.
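
Added example (not part of the original question or answer): a small Node.js script that reads the JSON form of the report (`npm audit --json`, npm 7+) and shows, per flagged package, whether it has its own advisory or is only listed because it depends on a flagged package, and whether a non-breaking fix exists. The sample report is constructed from the output in the question and trimmed; the `react-scripts` version is a placeholder, and `triage`, `fixStatus` and `distinctAdvisories` are illustrative names.

```javascript
// Added example: summarize an `npm audit --json` report (auditReportVersion 2).
// SAMPLE_REPORT is constructed and trimmed to the fields read below.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    request: {
      name: 'request', severity: 'moderate', isDirect: false, fixAvailable: false,
      via: [{ title: 'Server-Side Request Forgery in Request',
              url: 'https://github.com/advisories/GHSA-p8p7-x288-28g6' }],
    },
    'fuel-auth': {
      name: 'fuel-auth', severity: 'moderate', isDirect: false, fixAvailable: false,
      via: ['request'], // string entry: flagged only because it depends on `request`
    },
    'nth-check': {
      name: 'nth-check', severity: 'high', isDirect: false,
      via: [{ title: 'Inefficient Regular Expression Complexity in nth-check',
              url: 'https://github.com/advisories/GHSA-rp65-9cf3-cjxr' }],
      // Placeholder version: the real one is not given on this page.
      fixAvailable: { name: 'react-scripts', version: '0.0.0-placeholder', isSemVerMajor: true },
    },
  },
};

// fixAvailable is either a boolean or an object describing the package to bump.
function fixStatus(fixAvailable) {
  if (fixAvailable === false) return 'none';     // `npm audit fix` cannot help
  if (fixAvailable === true) return 'safe';      // plain `npm audit fix` applies
  return fixAvailable.isSemVerMajor ? 'breaking' : 'safe'; // breaking needs --force
}

function triage(report) {
  return Object.values(report.vulnerabilities).map((v) => {
    const own = v.via.filter((x) => typeof x === 'object'); // advisory objects
    return {
      name: v.name, severity: v.severity, direct: v.isDirect,
      hasOwnAdvisory: own.length > 0,
      advisories: own.map((a) => a.url),
      fix: fixStatus(v.fixAvailable),
    };
  });
}

// The "N vulnerabilities" total counts flagged packages, not distinct advisories.
function distinctAdvisories(report) {
  return new Set(triage(report).flatMap((row) => row.advisories)).size;
}

console.table(triage(SAMPLE_REPORT).map(({ advisories, ...row }) => row));
console.log('distinct advisories:', distinctAdvisories(SAMPLE_REPORT));
```

To run it on a real project, replace `SAMPLE_REPORT` with the parsed output of `npm audit --json`.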
