Jeffrin J

Reputation: 19

found 11 low severity vulnerabilities - React Native Project

Whenever I create a new React Native project using react-native init <projname>, and then try to install any NPM Package required for my project, I always end up with this error -

found 11 low severity vulnerabilities

How should I solve this error?

I've already tried npm audit fix. But it says the errors should be resolved manually.

$ npm install react-native-elements --save
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\sane.cmd as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\sane
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\sane as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\sane
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\jest.cmd as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\jest-cli
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\jest as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\jest-cli
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\esvalidate.cmd as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\esprima
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\esparse.cmd as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\esprima
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\esvalidate as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\esprima
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\esparse as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\esprima

> [email protected] postinstall C:\Users\jjeff\Documents\React Native\testOne\node_modules\react-native-elements
> opencollective-postinstall

Thank you for using react-native-elements!
If you rely on this package, please consider supporting our open collective:
> https://opencollective.com/react-native-elements/donate

npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN [email protected] requires a peer of react-native-vector-icons@>6.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

+ [email protected]
added 54 packages from 33 contributors, removed 34 packages, updated 918 packages and audited 515931 packages in 112.858s
found 11 low severity vulnerabilities
  run `npm audit fix` to fix them, or `npm audit` for details

Upvotes: 1

Views: 2962

Answers (3)

Jeffrin J

Reputation: 19

So, the problem got solved automatically. The main issue was that the project wouldn't run because of the vulnerabilities. But then, after like a month, I started to use Yarn for installing the dependencies, and so I don't get to see the vulnerabilities. This problem is gone now.

Upvotes: 0

Jack

Reputation: 5614

You can run npm audit to check out the details of these vulnerabilities. Usually they belong to the dependencies/packages you installed for your project. This means that unless there are recent updates that you haven't applied yet for the specific packages, there's not much you can do about them.

In your case, they were low severity vulnerabilities, so I wouldn't worry too much about them. If you want, just use npm audit and see if there are vulnerabilities that worry you specifically; if so, address them to the package developers, consider alternatives, or fork the project and fix the vulnerabilities yourself as the last resort. But again, I wouldn't worry about this too much since they are just low severity vulnerabilities.

Upvotes: 1
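An added example, not part of the answer above: one way to go through the npm audit details is to parse the JSON report and sort each finding into "npm audit fix can handle it", "needs a breaking upgrade of a direct dependency", or "must be resolved manually". It assumes the report layout of npm 7 and later (auditReportVersion 2), which is newer than the npm in the question; the package names, advisory titles and URLs in SAMPLE are constructed.

```javascript
// Constructed sample in the shape produced by `npm audit --json` on npm 7+.
const SAMPLE = {
  auditReportVersion: 2,
  vulnerabilities: {
    'pkg-a': { name: 'pkg-a', severity: 'low', isDirect: false,
      via: [{ title: 'Constructed advisory A', url: 'https://example.invalid/a' }],
      fixAvailable: true },
    'pkg-b': { name: 'pkg-b', severity: 'low', isDirect: true,
      via: ['pkg-a'],
      fixAvailable: { name: 'pkg-b', version: '2.0.0', isSemVerMajor: true } },
    'pkg-c': { name: 'pkg-c', severity: 'high', isDirect: false,
      via: [{ title: 'Constructed advisory C', url: 'https://example.invalid/c' }],
      fixAvailable: false },
  },
};

const RANK = { critical: 0, high: 1, moderate: 2, low: 3, info: 4 };

// Map npm's fixAvailable field (true, false, or an object) to an action.
function fixAction(fixAvailable) {
  if (fixAvailable === false) return 'manual';    // no patched release reachable
  if (fixAvailable === true) return 'audit-fix';  // in-range update is enough
  return fixAvailable.isSemVerMajor ? 'major-upgrade' : 'audit-fix';
}

function triage(report) {
  const vulns = report && report.vulnerabilities;
  if (typeof vulns !== 'object' || vulns === null) {
    throw new Error('not an npm 7+ audit report (no "vulnerabilities" object)');
  }
  return Object.values(vulns)
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      direct: Boolean(v.isDirect),
      // Objects in `via` are advisories; strings name the vulnerable dependency.
      advisories: v.via.filter((x) => typeof x === 'object').map((x) => x.title),
      inheritedFrom: v.via.filter((x) => typeof x === 'string'),
      action: fixAction(v.fixAvailable),
    }))
    .sort((a, b) =>
      (RANK[a.severity] ?? 9) - (RANK[b.severity] ?? 9) || a.name.localeCompare(b.name));
}

for (const f of triage(SAMPLE)) {
  console.log(`${f.severity.padEnd(8)} ${f.name} direct=${f.direct} action=${f.action}`);
}
```

Findings that come out as "manual" are the ones left for reporting upstream, replacing the package, or forking, as the answer describes.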

abhinandan sharma

Reputation: 883

You can try the latest versions of the packages used in the project.
You can try the commands below.

npm install pkg-name

or

npm install pkg-name@^version

Where pkg-name is the package name and version is the package version.

After installing the latest version, you can try

npm audit fix

Hope it works!

Upvotes: 0
