Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

found 4982 low severity vulnerabilities using create-react-app

See original GitHub issue

Describe the bug

create-react-app showing message “found 4982 low severity vulnerabilities” after installing all dependencies.

Did you try recovering your dependencies?

Yes I did delete node_modules and package-lock.json and installed latest version of npm and then ran npm install but I still see the “found 4982 low severity vulnerabilities” message

Which terms did you search for in User Guide?

Environment

Environment Info:

current version of create-react-app: 3.4.1 running from C:\Users\DELL\AppData\Roaming\npm\node_modules\create-react-app

System: OS: Windows 10 10.0.18362 CPU: (8) x64 Intel® Core™ i5-8250U CPU @ 1.60GHz Binaries: Node: 12.18.1 - C:\Program Files\nodejs\node.EXE Yarn: Not Found npm: 6.14.5 - C:\Program Files\nodejs\npm.CMD Browsers: Edge: 44.18362.449.0 Internet Explorer: 11.0.18362.1 npmPackages: react: ^16.13.1 => 16.13.1 react-dom: ^16.13.1 => 16.13.1 react-scripts: 3.4.1 => 3.4.1 npmGlobalPackages: create-react-app: Not Found

Steps to reproduce

(Write your steps here:)

open command-line or terminal
run npx create-react-app app-name
wait till all dependencies are installed

Expected behavior

it should show message similar to found 0 vulnerabilities

Actual behavior

terminal showing message “found 4982 low severity vulnerabilities”

Reproducible demo

https://github.com/Prajwal-Jadhav/test-app

Issue Analytics

State:
Created 3 years ago
Reactions:17
Comments:21 (1 by maintainers)

Top GitHub Comments

3reactions

PaulIngliscommented, Jul 14, 2020

It has been fixed in webpack-dev-server (https://github.com/webpack/webpack-dev-server/releases/tag/v3.11.0), dep just needs updated

3reactions

buahahacommented, Jul 8, 2020

, and

npm audit

                       === npm audit security report ===                        
                                                                                
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-scripts                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ react-scripts > webpack-dev-server > yargs > yargs-parser    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1500                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 1655 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Top Results From Across the Web

Why am I getting 6 high severity vulnerabilities on using create ...

Create React App was created by Dan Abramov. He's written an excellent article about the issues with npm audit in create-react-app.

Understanding the Base Features and Syntax – React

Creating a new React app in C:\Users\johnc\workspace1\base-syntax. Installing packages. ... found 4982 low severity vulnerabilities.

Everytime I use the create-react-app . command it tell ... - Reddit

Everytime I use the create-react-app . command it tell me I have 6 high severity vulnerabilities.

Node.js, how to solve vulnerability issues? - YouTube

Node. js, how to solve vulnerability issues? That is the question that we will give an answer on in this video. How can...

Auditing package dependencies for security vulnerabilities

If no security vulnerabilities are found, this means that packages with known vulnerabilities were not found in your package dependency tree. Since the...