"found 1 moderate severity vulnerability" warning every time I run npm install

Time:06-29

I am trying to install axios for a MERN app but every time I use "npm install" it gives me this:

npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

audited 241 packages in 1.113s

30 packages are looking for funding
  run `npm fund` for details

found 1 moderate severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details

running "npm audit fix" shows:

npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

up to date in 0.874s

30 packages are looking for funding
  run `npm fund` for details

fixed 0 of 1 vulnerability in 241 scanned packages
  1 vulnerability required manual review and could not be updated

for "npm audit":

                   === npm audit security report ===

                             Manual Review
         Some vulnerabilities require your attention to resolve

      Visit https://go.npm.me/audit-guide for additional guidance


Moderate        Got allows a redirect to a UNIX socket

  Package         got

  Patched in      >=11.8.5

  Dependency of   nodemon [dev]

  Path            nodemon > update-notifier > latest-version > package-json > got

  More info       https://github.com/advisories/GHSA-pfrx-2q88-qq97

found 1 moderate severity vulnerability in 241 scanned packages
  1 vulnerability requires manual review. See the full report for details.

I tried updating "got" in package-lock.json by manually replacing its current version with a stable one, but then when I run npm install again, the file reverts back to its original state. I'm fairly new to this, so is that normal or am I updating the wrong way? I tried the same for update-notifier but it does the same thing. It's been days and I've tried countless other things but the warning just won't go away. I'd greatly appreciate any help. Thanks in advance.

CodePudding user response:

You stated that you've tried updating the package-lock file, but you should be updating the package.json file instead. You can also try some other common fixes below.

1 - Delete your package-lock.json

2 - Delete your node_modules folder

3 - Try npm install again

Quoted from here.

CodePudding user response:

If you want npm to install from package-lock.json run npm ci
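As an added example that is not part of either answer or of npm itself: a small Node script that walks a package-lock.json "packages" map (lockfileVersion 2) from the root to the flagged package, recovers the dependency path shown in the audit report above, and checks the resolved version against the advisory's lower bound (>=11.8.5). The lockfile excerpt below is constructed for the demo; the package names and versions are assumptions, not the asker's real file.

```javascript
// Added example (not from the answers or npm): trace how a flagged package enters the
// tree and whether the resolved version meets the advisory's lower bound.
const lock = { // constructed lockfile v2 excerpt, not a real project's file
  packages: {
    "": { devDependencies: { nodemon: "^2.0.0" } },
    "node_modules/nodemon": { version: "2.0.7", dev: true, dependencies: { "update-notifier": "^4.1.0" } },
    "node_modules/update-notifier": { version: "4.1.3", dev: true, dependencies: { "latest-version": "^5.0.0" } },
    "node_modules/latest-version": { version: "5.1.0", dev: true, dependencies: { "package-json": "^6.3.0" } },
    "node_modules/package-json": { version: "6.5.0", dev: true, dependencies: { got: "^9.6.0" } },
    "node_modules/got": { version: "9.6.0", dev: true },
  },
};

// npm resolution order: the nearest enclosing node_modules that holds the name, then upward.
function resolve(pk, fromKey, name) {
  for (let base = fromKey; ; base = base.slice(0, Math.max(0, base.lastIndexOf("/node_modules/")))) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (pk[candidate]) return candidate;
    if (!base) return null; // reached the root without finding it
  }
}
// Depth-first walk from the root entry (""), collecting every path that reaches `target`.
function findPaths(lock, target) {
  const pk = lock.packages, hits = [];
  const walk = (key, trail, seen) => {
    const entry = pk[key] || {};
    for (const name of Object.keys({ ...(entry.dependencies || {}), ...(entry.devDependencies || {}) })) {
      const depKey = resolve(pk, key, name);
      if (!depKey || seen.has(depKey)) continue; // unresolved or cyclic edge
      const next = [...trail, name];
      if (name === target) hits.push({ path: next, version: pk[depKey].version, dev: !!pk[depKey].dev });
      else walk(depKey, next, new Set([...seen, depKey]));
    }
  };
  walk("", [], new Set());
  return hits;
}
// Minimal ">= min" check on numeric major.minor.patch; a full range check would use the
// `semver` package, but the report above only states a single lower bound (>=11.8.5).
function atLeast(version, min) {
  const [a, b] = [version, min].map((v) => v.split("-")[0].split(".").map(Number));
  for (let i = 0; i < 3; i++) if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) > (b[i] || 0);
  return true;
}
// One record per path: "a > b > c", resolved version, dev-only flag, and whether it is patched.
function auditPackage(lock, target, patchedMin) {
  return findPaths(lock, target).map((h) => ({ ...h, path: h.path.join(" > "), patched: atLeast(h.version, patchedMin) }));
}
console.log(JSON.stringify(auditPackage(lock, "got", "11.8.5"), null, 2));
```

Point it at the real lock file (`JSON.parse(fs.readFileSync("package-lock.json"))`) after running either fix above to confirm that the resolved got version actually moved past 11.8.5, and note the `dev: true` flag, which tells you the flagged path only exists in the dev toolchain (nodemon), not in what ships.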
