Npm install high severity issues react native 0.66
Description
After I tried to install an npm library I saw a heavy list of vulnerabilities which was mostly pointing to the set-value issue https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541. I tried setting up a fresh RN project (0.66) and this is also occurring.
React Native version:
0.66 and 0.64 (current project I'm working on)
Steps To Reproduce
- initialize the project using the command npx react-native init AwesomeProject
- run npm install after setup and then the vulnerabilities will appear
Expected Results
Minimal to no vulnerabilities. I'm just curious if it is OK to ignore the vulnerabilities?
Issue Analytics
- Created 2 years ago
- Reactions: 8
- Comments: 9
Top GitHub Comments
Can we get a fix on these HIGH SEVERITY vulnerabilities?
Vulnerable module: shell-quote
Introduced through: @react-native-community/cli-platform-android@6.3.0, @react-native-community/cli@6.3.1 and others
Detailed paths
Introduced through: react-native@0.66.4 › @react-native-community/cli-platform-android@6.3.0 › @react-native-community/cli-tools@6.2.0 › shell-quote@1.6.1
Introduced through: react-native@0.66.4 › @react-native-community/cli@6.3.1 › @react-native-community/cli-tools@6.2.0 › shell-quote@1.6.1
Introduced through: react-native@0.66.4 › @react-native-community/cli-platform-ios@6.2.0 › @react-native-community/cli-tools@6.2.0 › shell-quote@1.6.1
Introduced through: react-native@0.66.4 › @react-native-community/cli@6.3.1 › @react-native-community/cli-hermes@6.3.0 › @react-native-community/cli-tools@6.2.0 › shell-quote@1.6.1
Introduced through: react-native@0.66.4 › @react-native-community/cli@6.3.1 › @react-native-community/cli-server-api@6.2.0 › @react-native-community/cli-tools@6.2.0 › shell-quote@1.6.1
Introduced through: react-native@0.66.4 › @react-native-community/cli@6.3.1 › @react-native-community/cli-plugin-metro@6.2.0 › @react-native-community/cli-tools@6.2.0 › shell-quote@1.6.1
Introduced through: react-native@0.66.4 › @react-native-community/cli@6.3.1 › @react-native-community/cli-hermes@6.3.0 › @react-native-community/cli-platform-android@6.3.0 › @react-native-community/cli-tools@6.2.0 › shell-quote@1.6.1
Introduced through: react-native@0.66.4 › @react-native-community/cli@6.3.1 › @react-native-community/cli-plugin-metro@6.2.0 › @react-native-community/cli-server-api@6.2.0 › @react-native-community/cli-tools@6.2.0 › shell-quote@1.6.1

Regular Expression Denial of Service (ReDoS)
Vulnerable module: ansi-regex
Introduced through: @react-native-community/cli@6.3.1, @react-native-community/cli-platform-ios@6.2.0 and others
Detailed paths
Introduced through: react-native@0.66.4 › @react-native-community/cli@6.3.1 › strip-ansi@5.2.0 › ansi-regex@4.1.0
Introduced through: react-native@0.66.4 › @react-native-community/cli@6.3.1 › ora@3.4.0 › strip-ansi@5.2.0 › ansi-regex@4.1.0
Introduced through: react-native@0.66.4 › @react-native-community/cli-platform-ios@6.2.0 › ora@3.4.0 › strip-ansi@5.2.0 › ansi-regex@4.1.0
Introduced through: react-native@0.66.4 › @react-native-community/cli-platform-android@6.3.0 › logkitty@0.7.1 › ansi-fragments@0.2.1 › strip-ansi@5.2.0 › ansi-regex@4.1.0
Introduced through: react-native@0.66.4 › @react-native-community/cli@6.3.1 › @react-native-community/cli-types@6.0.0 › ora@3.4.0 › strip-ansi@5.2.0 › ansi-regex@4.1.0
Introduced through: react-native@0.66.4 › @react-native-community/cli@6.3.1 › @react-native-community/cli-hermes@6.3.0 › @react-native-community/cli-platform-android@6.3.0 › logkitty@0.7.1 › ansi-fragments@0.2.1 › strip-ansi@5.2.0 › ansi-regex@4.1.0
Is there a fix that was merged / is being worked on regarding this vulnerability?
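As an added example, not code from the issue or from the React Native project: a small Node script that walks a constructed dependency graph (reduced to the "Introduced through" paths pasted in the comments above) to list every path from react-native@0.66.4 to a flagged module and the direct dependencies that pull it in, which is what a triage note or upgrade ticket needs to name. The graph, the `c` prefix helper and the function names `findPaths` and `introducedThrough` are assumptions.

```javascript
// Constructed dependency graph, reduced to the "Introduced through" paths
// pasted in the comment above; it is not a real package-lock dump.
const c = (name) => "@react-native-community/" + name; // scope prefix shorthand
const DEPS = {
  "react-native@0.66.4": [c("cli@6.3.1"), c("cli-platform-android@6.3.0"), c("cli-platform-ios@6.2.0")],
  [c("cli@6.3.1")]: [c("cli-tools@6.2.0"), c("cli-hermes@6.3.0"), c("cli-server-api@6.2.0"),
    c("cli-plugin-metro@6.2.0"), c("cli-types@6.0.0"), "strip-ansi@5.2.0", "ora@3.4.0"],
  [c("cli-platform-android@6.3.0")]: [c("cli-tools@6.2.0"), "logkitty@0.7.1"],
  [c("cli-platform-ios@6.2.0")]: [c("cli-tools@6.2.0"), "ora@3.4.0"],
  [c("cli-hermes@6.3.0")]: [c("cli-tools@6.2.0"), c("cli-platform-android@6.3.0")],
  [c("cli-server-api@6.2.0")]: [c("cli-tools@6.2.0")],
  [c("cli-plugin-metro@6.2.0")]: [c("cli-tools@6.2.0"), c("cli-server-api@6.2.0")],
  [c("cli-types@6.0.0")]: ["ora@3.4.0"],
  [c("cli-tools@6.2.0")]: ["shell-quote@1.6.1"],
  "ora@3.4.0": ["strip-ansi@5.2.0"],
  "logkitty@0.7.1": ["ansi-fragments@0.2.1"],
  "ansi-fragments@0.2.1": ["strip-ansi@5.2.0"],
  "strip-ansi@5.2.0": ["ansi-regex@4.1.0"],
};

// Depth-first search listing every path from `root` to `target`, rendered in
// the "a › b › c" style of the report above. A node already on the current
// path is skipped, so a cyclic lockfile cannot recurse forever.
function findPaths(deps, root, target, path = [], out = []) {
  if (path.includes(root)) return out;
  const here = [...path, root];
  if (root === target) {
    out.push(here.join(" › "));
    return out;
  }
  for (const child of deps[root] || []) findPaths(deps, child, target, here, out);
  return out;
}

// The direct dependencies of `root` that pull in `target`, i.e. the packages an
// audit exception or upgrade ticket should name. When every path runs through
// @react-native-community/cli* packages the module arrives via build-time
// tooling, the first thing to settle when asking whether a finding reaches the shipped app.
function introducedThrough(deps, root, target) {
  const direct = findPaths(deps, root, target).map((p) => p.split(" › ")[1]);
  return [...new Set(direct)].sort();
}

for (const mod of ["shell-quote@1.6.1", "ansi-regex@4.1.0"]) {
  const paths = findPaths(DEPS, "react-native@0.66.4", mod);
  console.log(`${mod}: ${paths.length} paths, introduced through ${introducedThrough(DEPS, "react-native@0.66.4", mod).join(", ")}`);
}
```

Point `DEPS` at a real tree (for example one built from `npm ls --all --json`) and the same two functions report the paths for any module an audit flags.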