Npm audit fix –force react script downgrade automatically

by

One of the create-react-app maintainers has announced that they cannot fix this as the vulnerabilities affect transitive dependencies, and that it should not matter.

The reasoning is that the npm audit feature was built with Node apps in mind, not build tools. Vulnerabilities in the dependencies should (in most cases) not translate to vulnerabilities in the static web app produced by create-react-app.

A possible workaround is to move react-scripts to the devDependencies section in your package.json and use npm audit --production to audit your dependencies.

Source: https://github.com/facebook/create-react-app/issues/11174

More Related Contents:

  1. Pass command line args to npm scripts in package.json
  2. What is the role of the package-lock.json?
  3. What is the difference between “npm install” and “npm ci”?
  4. Message “npm WARN config global `–global`, `–local` are deprecated. Use `–location=global` instead”
  5. how to install multiple versions of package using npm
  6. Field ‘browser’ doesn’t contain a valid alias configuration
  7. How do I correctly upgrade angular 2 (npm) to the latest version?
  8. How to fix SSL certificate error when running Npm on Windows?
  9. Browserslist: caniuse-lite is outdated. Please run next command `npm update caniuse-lite browserslist`
  10. On npm install: Unhandled rejection Error: EACCES: permission denied
  11. Do I need both package-lock.json and package.json?
  12. NPM doesn’t install module dependencies
  13. Error ‘tunneling socket’ while executing npm install
  14. npm equivalent of yarn resolutions?
  15. create-react-app dependency version issues with React 18
  16. Difference between npm start and npm run start
  17. Error: EPERM: operation not permitted, unlink ‘D:\Sources\**\node_modules\fsevents\node_modules\abbrev\package.json’
  18. How can I reference package version in npm script?
  19. How to fix EACCES issues with npm install
  20. Error in starting hyperledger fabric network with hyperledger composer
  21. How to view the dependency tree of a given npm module?
  22. What is the difference between npm-shrinkwrap.json and package-lock.json?
  23. What does “npm audit fix” exactly do?
  24. Running Mocha 6 ES6 tests with Babel 7, how to set up?
  25. Is there a difference between `npm start` and `npm run start`?
  26. webpack is not recognized as a internal or external command,operable program or batch file
  27. How to solve npm install error “npm ERR! code 1”
  28. How to avoid React loading twice with Webpack when developing
  29. NPM modules won’t install globally without sudo
  30. Difference between `npm start` & `node app.js`, when starting app?

Leave a Comment