Reputation: 1482
npm audit
run on my project and got me this
High Command Injection
Dependency of @angular-devkit/build-angular [dev]Path @angular-devkit/build-angular > @ngtools/webpack > tree-kill
More info https://npmjs.com/advisories/1432
High Command Injection
Package tree-kill
Patched in >=1.2.2
Dependency of @angular-devkit/build-angular [dev]
Path @angular-devkit/build-angular > tree-kill
More info https://npmjs.com/advisories/1432
Tree-kill needs to be updated, but is a dep of angular, not mine. So what? Need to wait that angular-team update its own package.json to a newer version of tree-kill?
Upvotes: 14
Views: 13000
Reputation: 99
Update your @angular-devkit/build-angular version in package.json to below:
"@angular-devkit/build-angular": "0.13.10"
It worked for me.
Upvotes: 0
Reputation: 368
Add below code to package.json
"resolutions": {
"tree-kill":"1.2.2"
}
Remove all node modules:
rm -r node_modules
Update package-lock.json for new version 1.2.2 as :
npx npm-force-resolutions
Now install node modules:
npm install
This works for me.
Upvotes: 1
Reputation: 31
Remove the tree-kill package from the node_modules folder & Delete
the package-lock.json file.
Find @angular-devkit/build-angular
folder in the node_modules folder and edit the package.json file;
change tree-kill version from 1.2.1 to 1.2.2
Find @ngtools/webpack
in the node_modules folder and edit the package.json file;
change tree-kill version from 1.2.1 to 1.2.2
Upvotes: 0
Reputation: 643
You can fix this without waiting for a new version of the package @angular-devkit/build-angular
.
Just do the following steps:
package.json
file by adding resolutions
section with proper version of package tree-kill
:"resolutions": {
"tree-kill": "1.2.2"
}
package-lock.json
by running command:npx npm-force-resolutions
rm -r node_modules
npm install
Run npm audit
to check that your project does not have anymore this problem. And don't forget to commit modified files package.json
and package-lock.json
.
More information about NPM Force Resolutions.
Upvotes: 16
Reputation: 133
I was having the same problem today and I fixed it by:
run npm install after that.
Upvotes: 10
Reputation: 79
Check the GitHub repo to see if a fix is being worked on. I found this issue: https://github.com/angular/angular-cli/issues/16629 and a pull request (https://github.com/angular/angular-cli/pull/15894) which removes the dependency.
Upvotes: 2
Reputation: 174
I just had this problem too and after some researchs, i found something:
NPM throws error on "audit fix" - Configured registry is not supported
Of course, it's about an other problem but, by adapting the solution given there, it resolved my problem.
So :
I hope i've been clear enough.
Upvotes: 3