How to fix vulnerabilities?
When trying to start the frontend, after installing all dependencies, I got 300+ vulnerabilities requiring a manual fix, and 3 packages involve breaking updates. I'm pretty new to npm; is there any guide to fixing these vulnerabilities?
Issue Analytics
- Created 3 years ago
- Comments: 5 (5 by maintainers)
Yeah, we have not updated the frontend dev-server for quite some time now and are evaluating replacing it in favor of create react app, which will somewhat resolve the issue. AFAIK there is no automatic way of fixing this, so it's more or less the manual upgrading and resolving of breaking changes that is needed. However, these vulnerabilities are not always alarming, since the dev-dependencies will only live on your local machine. I would probably focus on upgrading everything in the non-dev list, which is not much, and then live with the warnings.
The thing with npm and npm audit is that most packages have dependencies, which have dependencies which also have dependencies, and so it goes. If any of those deps have a known issue it will get reported, so if you want to keep the vulnerability list at zero you will not spend much time on actually building stuff. I tried doing an "npm audit fix" (which automatically resolves as much as it can) on a fresh Wagtail-Pipit install, and after that there were no vulnerabilities of class "High", and all remaining vulnerabilities were dependencies of [dev]-packages, so I would not worry too much about it.
This is kind of a nice read on the topic of npm audit warnings and description of the problem: https://www.voitanos.io/blog/don-t-be-alarmed-by-vulnerabilities-after-running-npm-install
For progress on dev-server replacement, follow: #168
I just released 6.2.0 (https://github.com/Frojd/Wagtail-Pipit/releases/tag/v6.2.0), which solves this issue. Thanks to @adsee42 for raising the issue and to @mikaelengstrom and @rinti for your wise words.