NPM reports 63 High severity vulnerabilities
🐛 bug report
NPM found 63 High severity vulnerabilities when being installed/audited.
🎛 Configuration (.babelrc, package.json, cli command)
My package.json:
```json
{
  "name": "dashboard",
  "version": "1.0.0",
  "scripts": {
    "start": "parcel src/dashboard.html",
    "build": "parcel build src/dashboard.html"
  },
  "license": "MIT",
  "dependencies": {
    "parcel-bundler": "^1.12.3",
    "typescript": "^3.5.3",
    "vue": "^2.6.10",
    "vue-hot-reload-api": "^2.3.3"
  },
  "devDependencies": {
    "@vue/component-compiler-utils": "^3.0.0",
    "apexcharts": "^3.8.2",
    "axios": "^0.19.0",
    "vue-apexcharts": "^1.3.6",
    "vue-property-decorator": "^8.2.1",
    "vue-template-compiler": "^2.6.10"
  }
}
```
🤔 Expected Behavior
The package should install with 0 vulnerabilities
😯 Current Behavior
On install/audit:
```
+ parcel-bundler@1.12.3
added 720 packages from 525 contributors and audited 8295 packages in 33.612s
found 63 high severity vulnerabilities
```
💁 Possible Solution
🔦 Context
💻 Code Sample
The NPM audit report: parcel-audit.txt
🌍 Your Environment
Software | Version(s) |
---|---|
Parcel | 1.12.3 |
Node | 12.4.0 |
npm/Yarn | 6.9.0 |
Operating System | Windows 10 Pro x64 |
Issue Analytics
- State:
- Created 4 years ago
- Reactions:3
- Comments:10 (5 by maintainers)
@DeMoorJasper I agree with you on npm counting this as multiple deps.
I know this sounds trivial, and it doesn’t affect parcel, but it will be awesome to get rid of those warnings and the solutions look easy enough:
https://www.npmjs.com/advisories/1012
This is what’s causing it, published today
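The comments above attribute the count to npm counting one advisory once per dependency path. The following added example (not code from the issue or from Parcel) collapses a report in the npm 6 `npm audit --json` shape to one row per advisory. The sample report, the module name `example-module` and the dependency paths are constructed placeholders, not values from parcel-audit.txt.

```javascript
// Constructed sample in the shape of `npm audit --json` output from npm 6.
// Module name and dependency paths are placeholders, not from parcel-audit.txt.
const sampleReport = {
  advisories: {
    "1012": {
      id: 1012,
      module_name: "example-module", // placeholder
      severity: "high",
      findings: [
        { version: "2.0.0", paths: [
          "parcel-bundler>dep-a>example-module",
          "parcel-bundler>dep-b>dep-a>example-module",
          "parcel-bundler>dep-c>dep-a>example-module",
        ] },
        { version: "0.4.3", paths: [
          "parcel-bundler>dep-d>example-module",
          "parcel-bundler>dep-e>dep-d>example-module",
        ] },
      ],
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 0, high: 5, critical: 0 } },
};

// Collapse the per-path count into one row per advisory.
function summarizeAudit(report) {
  return Object.values(report.advisories || {}).map((adv) => {
    const findings = adv.findings || [];
    const paths = findings.flatMap((f) => f.paths || []);
    // The first path segment is the direct dependency that pulls the module in.
    const roots = new Set(paths.map((p) => p.split(">")[0]));
    return {
      id: adv.id,
      module: adv.module_name,
      severity: adv.severity,
      versions: [...new Set(findings.map((f) => f.version))].sort(),
      pathCount: paths.length,
      directDeps: [...roots].sort(),
    };
  }).sort((a, b) => b.pathCount - a.pathCount);
}

// Total that the audit summary line reports (sum over all severities).
function reportedTotal(report) {
  return Object.values(report.metadata.vulnerabilities).reduce((sum, n) => sum + n, 0);
}

const rows = summarizeAudit(sampleReport);
console.log(`${reportedTotal(sampleReport)} reported, ${rows.length} distinct advisories`);
for (const row of rows) console.log(row);
```

To run it on a real report, replace `sampleReport` with the parsed output of `npm audit --json`.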