Reputation:
My project has 6 high severity vulnerabilities and I have no idea how to fix them. npm audit fix fails. Please help me to fix this.
I was installing https://www.npmjs.com/package/toastr to my project and after it was installed the vulnerabilities were shown. I don't know if there is any connection.
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of @angular/cli [dev]
Path @angular/cli > @schematics/update > pacote >
make-fetch-happen > https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of @angular/cli [dev]
Path @angular/cli > pacote > make-fetch-happen >
https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of @angular/cli [dev]
Path @angular/cli > @schematics/update > pacote >
npm-registry-fetch > make-fetch-happen > https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of @angular/cli [dev]
Path @angular/cli > pacote > npm-registry-fetch >
make-fetch-happen > https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of protractor [dev]
Path protractor > browserstack > https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of protractor [dev]
Path protractor > saucelabs > https-proxy-agent
More info https://npmjs.com/advisories/1184
Upvotes: 11
Views: 14148
Reputation: 1
Have a look at this thread: How do I override nested NPM dependency versions?
Just replace the corresponding packages with the ones listed in the audit.
Upvotes: 0
Reputation: 3654
Fixes BUILD problems and general installation problems:
package.json
    {
      ...
      "scripts": {
        "resolve-install": "npx npm-force-resolutions && npm install"
      },
      "resolutions": {
        "https-proxy-agent": "^3.0.0"
      }
    }
Then instead of npm install just run in cmd or Dockerfile:
    npm run resolve-install
Upvotes: 2
Reputation: 246
1) npm i --save-dev npm-force-resolutions
2) Add this to your package.json
    "resolutions": { "https-proxy-agent": "^3.0.0" }
3) Let npm-force-resolutions do its thing
    rm -r node_modules
    npx npm-force-resolutions
    npm install
4) Re-run your audit: npm audit
Source: https://github.com/TooTallNate/node-https-proxy-agent/issues/84#issuecomment-543884972
Upvotes: 13
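After applying the resolutions approach from the answers above, it helps to confirm that no nested copy of https-proxy-agent in package-lock.json is still below the "Patched in >=3.0.0" version from the audit report. The following is an added example, not code from any answer in this thread; the function names and the SAMPLE_LOCK data are constructed for illustration, and it assumes the lockfile has already been parsed into an object.

```javascript
// Added example (not from the thread); SAMPLE_LOCK is a constructed lockfile v1 fragment.
const SAMPLE_LOCK = {
  dependencies: {
    protractor: { version: '5.4.2', dependencies: {
      saucelabs: { version: '1.5.0', dependencies: {
        'https-proxy-agent': { version: '2.2.4' } } } } },
    'https-proxy-agent': { version: '3.0.1' },
  },
};

// Parse "MAJOR.MINOR.PATCH[-prerelease]" into comparable parts.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.+)?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) };
}

// True when `version` sorts below `patched` (a prerelease of it counts as below).
function isBelow(version, patched) {
  const a = parseVersion(version), b = parseVersion(patched);
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  return a.pre && !b.pre;
}

// Collect { path, version } for every copy of `name` pinned in the lockfile.
function findCopies(lock, name) {
  const found = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [p, info] of Object.entries(lock.packages || {})) {
    const hit = p === `node_modules/${name}` || p.endsWith(`/node_modules/${name}`);
    if (hit && info.version) found.push({ path: p, version: info.version });
  }
  if (found.length) return found;
  // lockfileVersion 1: nested "dependencies" tree.
  (function walk(deps, trail) {
    for (const [dep, info] of Object.entries(deps || {})) {
      const here = trail.concat(dep);
      if (dep === name) found.push({ path: here.join(' > '), version: info.version });
      walk(info.dependencies, here);
    }
  })(lock.dependencies, []);
  return found;
}

function unpatched(lock, name, patched) {
  return findCopies(lock, name).filter(c => isBelow(c.version, patched));
}
```

To use it on a real project, pass the result of JSON.parse on the contents of package-lock.json together with 'https-proxy-agent' and '3.0.0'; an empty result means every pinned copy is at or above the patched version.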