npm audit fails on http-proxy
See original GitHub issueDescribe the bug
npm audit
fails on http-proxy
Original issue: https://github.com/http-party/node-http-proxy/issues/1446
Did you try recovering your dependencies?
Yes.
npm --version
6.14.5
Which terms did you search for in User Guide?
(Write your answer here if relevant.)
Environment
Environment Info:
current version of create-react-app: 3.4.1
running from /Users/sergeikriger/.npm/_npx/73840/lib/node_modules/create-react-app
System:
OS: macOS 10.15.3
CPU: (8) x64 Intel(R) Core(TM) i7-8569U CPU @ 2.80GHz
Binaries:
Node: 12.11.1 - ~/.nvm/versions/node/v12.11.1/bin/node
Yarn: 1.19.0 - /usr/local/bin/yarn
npm: 6.14.5 - ~/.nvm/versions/node/v12.11.1/bin/npm
Browsers:
Chrome: 81.0.4044.138
Firefox: 76.0.1
Safari: 13.0.5
npmPackages:
react: 16.9.0 => 16.9.0
react-dom: 16.9.0 => 16.9.0
react-scripts: ^3.4.0 => 3.4.1
npmGlobalPackages:
create-react-app: Not Found
Steps to reproduce
npm audit
Expected behavior
Audit passes.
Actual behavior
Audit fails:
Reproducible demo
(Paste the link to an example project and exact instructions to reproduce the issue.)
Issue Analytics
- State:
- Created 3 years ago
- Reactions:15
- Comments:7
Top Results From Across the Web
https-proxy-agent upgraded to 3.0.0 but npm audit still ...
As of October 18, 2019, with a fix provided for NPM package https-proxy-agent, even after upgrading to the latest version, the audit warning ......
Read more >npm audit fails with 500 response using group and anonymous
So it seems group repo permissions not working for npm audit. Steps to reproduce: 1) Create a npm hosted and proxy (to npmjs)...
Read more >Npm audit fails with 500 response in case artifactory didn't got ...
Execute npm audit on the package from step 2. Workaround: Increase the Xray Artifactory connection socket timeout, in the following line with higher...
Read more >npm-audit
It may be useful in CI environments to include the --audit-level parameter to specify the minimum vulnerability level that will cause the command...
Read more >Fixing security vulnerabilities in npm dependencies in less ...
npm audit log showing minimist as a prototype pollution vulnerability ... Today when I started working I had to deal with this error...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
+1 same issue here, blocking CI to deploy
http-proxy@1.18.1
is now whitelisted: https://www.npmjs.com/advisories/1486/versionsThink if you just refresh/update the lockfiles or reinstall the dependencies you should be able to get the latest
http-proxy@1.18.1
, without having to wait for webpack-dev-server.Optionally, with
yarn
you could also addresolutions
to your package.json: https://classic.yarnpkg.com/en/docs/selective-version-resolutions/#toc-how-to-use-it