npm audit failure (high severity) due to dns-packet
See original GitHub issueDescribe the bug
npm audit currently fails on react-scripts@4.0.3
due to a high security vulnerability in dns-packet
. The dependency path is react-scripts > webpack-dev-server > bonjour > multicast-dns > dns-packet
. The respective npm advisory is at https://www.npmjs.com/advisories/1745.
Screenshot of the particular audit failure.
Steps to reproduce
- Run
npm audit
onreact-scripts@4.0.3
- Try to run
npm audit fix
- Confirm that the fix was not auto resolved.
Expected behavior
npm audit can exit successfuly.
Actual behavior
npm audit fails
Issue Analytics
- State:
- Created 2 years ago
- Reactions:54
- Comments:8 (3 by maintainers)
Top Results From Across the Web
How to fix NPM vulnerabilities
When running npm audit, it says I have 87 vulnerabilities. npm audit fix and npm audit fix --force do not fix the issues....
Read more >Auditing package dependencies for security vulnerabilities
Running npm audit will produce a report of security vulnerabilities with the affected package name, vulnerability severity and description, path, and other ...
Read more >Don't be alarmed by vulnerabilities after running NPM Install
What does the audit command do? It takes the current version of a package in your project and checks the list of known...
Read more >Fix Security Issues Using Overrides - equk's blog
NPM features npm audit fix which writes the updated packages to the lock file. This can be hard to keep track of &...
Read more >npm audit: Broken by Design
So I guess I'll say it. The way npm audit works is broken. Its rollout as a default after every npm install was...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
I can confirm that
npm audit fix
fixes the high severity issue with dns-packet. However there are still80 moderate
vulnerabilities though.npm audit fix
now updates dns-packet https://github.com/facebook/create-react-app/issues/11012#issuecomment-849723375