96 vulnerabilities after running npx create-react-app my-app command
See original GitHub issuenode version 16.3.0
nom version 7.15.1
While executing the command npx create-react-app my-app
, I am getting
96 vulnerabilities (85 moderate, 11 high)
Please check.
Installing packages. This might take a couple of minutes.
Installing react, react-dom, and react-scripts with cra-template...
added 1922 packages, and audited 1923 packages in 60s
145 packages are looking for funding
run `npm fund` for details
96 vulnerabilities (85 moderate, 11 high)
To address all issues, run:
npm audit fix
Run `npm audit` for details.
Initialized a git repository.
Installing template dependencies using npm...
added 32 packages, and audited 1955 packages in 9s
145 packages are looking for funding
run `npm fund` for details
96 vulnerabilities (85 moderate, 11 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
Removing template package using npm...
removed 1 package, and audited 1954 packages in 7s
145 packages are looking for funding
run `npm fund` for details
96 vulnerabilities (85 moderate, 11 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
Created git commit.
Success! Created my-app at /Users/bikashagrawal/react-projects/my-app
Inside that directory, you can run several commands:
npm start
Starts the development server.
npm run build
Bundles the app into static files for production.
npm test
Starts the test runner.
npm run eject
Removes this tool and copies build dependencies, configuration files
and scripts into the app directory. If you do this, you can’t go back!
We suggest that you begin by typing:
cd my-app
npm start
Happy hacking!
I tried to run npm audit fix
and npm audit fix --force
, but it didn’t help.
Issue Analytics
- State:
- Created 2 years ago
- Reactions:35
- Comments:30 (3 by maintainers)
Top Results From Across the Web
Moderate severity vulnerabilities while running create react ...
While running npx create-react-app my-app, I am getting 10 moderate severity vulnerabilities. Not able to fix even after running npm audit ...
Read more >Create React App
Whether you're using React or another library, Create React App lets you focus on code, not build tools. To create a project called...
Read more >create-react-app | Yarn - Package Manager
6 vulnerabilities. Create ... This package includes the global command for Create React App. ... Inside any created project that has not been...
Read more >create-react-app not working ⚠️ error solved - YouTube
In this video, we will solve the error in reactjs that We no longer support global installation of Create React App. ✔️ create...
Read more >Why is the latest npx create-react-app my-app STILL showing ...
For example: found 8 vulnerabilities (4 moderate, 4 high) run ... create-react-app my-app STILL showing high vulnerabilites after install ?
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
This is extremely important to be fixed as soon as possible.
A lot of this has to do with the fact that react-scripts is added as a dependency in stead of a devDependency. Technically, the vulnerabilities will not be deployed unless they are also dependencies of your package or another dependency that will get deployed.
I have proposed here that react-scripts should be a devDependency again so we don’t have to ignore a bunch of vulnerabilities every few weeks.
Edit: fixed link