npm audit failure (high severity) due to dns-packet


Describe the bug

npm audit currently fails on react-scripts@4.0.3 due to a high security vulnerability in dns-packet. The dependency path is react-scripts > webpack-dev-server > bonjour > multicast-dns > dns-packet. The respective npm advisory is at https://www.npmjs.com/advisories/1745.

Screenshot of the particular audit failure.


Steps to reproduce

  1. Run npm audit on react-scripts@4.0.3
  2. Try to run npm audit fix
  3. Confirm that the fix was not auto resolved.

Expected behavior

npm audit can exit successfully.

Actual behavior

npm audit fails

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Reactions:54
  • Comments:8 (3 by maintainers)
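
Added example (not from the issue or from the react-scripts project): when triaging an advisory on a transitive package like the one reported above, this Node.js script walks the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3) and reports the chain that installs the package. The lockfile content, the `demo-app` name and every version other than react-scripts 4.0.3 are constructed samples; `resolveDep` and `findChains` are names chosen here.

```javascript
// Added example: trace which dependency chain installs a given package.
// Resolve `name` as required from the package at `fromPath`, the way Node
// does: nearest node_modules first, then each enclosing one up to the root.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (candidate in packages) return candidate;
    if (!base) return null; // not installed (e.g. skipped optional dep)
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

// Return one chain from the root project to every package that directly
// requires `target`. Each installed package is expanded once.
function findChains(lock, target) {
  const packages = lock.packages || {};
  const chains = [];
  const visited = new Set(['']);
  const walk = (path, trail) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
                   ...(path === '' ? pkg.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const next = resolveDep(packages, path, name);
      if (!next) continue;
      const step = `${name}@${packages[next].version}`;
      if (name === target) { chains.push([...trail, step]); continue; }
      if (visited.has(next)) continue;
      visited.add(next);
      walk(next, [...trail, step]);
    }
  };
  if (packages['']) walk('', []);
  return chains;
}

// Constructed sample lockfile; versions are placeholders, not real releases.
const sampleLock = { packages: {
  '': { name: 'demo-app', dependencies: { 'react-scripts': '4.0.3' } },
  'node_modules/react-scripts': { version: '4.0.3', dependencies: { 'webpack-dev-server': '*' } },
  'node_modules/webpack-dev-server': { version: '0.0.0-sample', dependencies: { bonjour: '*' } },
  'node_modules/bonjour': { version: '0.0.0-sample', dependencies: { 'multicast-dns': '*' } },
  'node_modules/multicast-dns': { version: '0.0.0-sample', dependencies: { 'dns-packet': '*' } },
  'node_modules/multicast-dns/node_modules/dns-packet': { version: '0.0.1-nested' },
  'node_modules/dns-packet': { version: '0.0.2-hoisted' },
} };
for (const c of findChains(sampleLock, 'dns-packet')) console.log(c.join(' > '));
```

The reported version is the copy the parent actually resolves, so a nested copy under `multicast-dns` is shown even when a different hoisted copy exists at the top level.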

Top GitHub Comments

1 reaction
Primajin commented, May 28, 2021

I can confirm that npm audit fix fixes the high severity issue with dns-packet. However, there are still 80 moderate vulnerabilities though.

1 reaction
stahlmanDesign commented, May 27, 2021
