VincenzoDelre

Reputation: 71

JSON dependencies NPM update - How to fix vulnerabilities manually

I have lost 1 day trying to manually fix a few high vulnerabilities. It was a waste of time.

I've read many posts, blogs and suggestions but I was unable to fix the problem.

Basically /css-what requires an update to version 5.0.1, and npm audit is telling me that:

│ Dependency of │ gulp-imagemin [dev]
│ Path          │ gulp-imagemin > imagemin-svgo > svgo > css-select > css-what

I ran the command npm update (on gulp-imagemin), then navigated to the next folder (imagemin-svgo) and ran npm update again, and so on. When I arrived at the css-what root, I ran npm update again but it didn't do anything.

Then I modified my package.json accordingly:

"resolutions": {
  "trim-newlines": "^4.0.1",
  "css-what": "^5.0.1",
  "scripts": {
    "preinstall": "npx npm-force-resolutions"
  }
}

I went back to the main root to run npm i but it didn't amend all branches. Besides, when I run npm ls css-what or npm ls trim-newlines I can see that the new version has been installed in node_modules, but the older version is still unchanged in the tree.

root/tree

I was following the https://hackernoon.com/how-fix-security-vulnerabilities-in-npm-dependencies-in-3-minutes-rq9g3y7u post but it didn't work for some reason, most probably my inexperience.

Thanks for your help

Upvotes: 1

Views: 1242

Answers (2)

Anupam Tirkey

Reputation: 41

npm update css-what worked for me

Upvotes: 0

snd

Reputation: 123

To fix the vulnerability you can try:

npm audit fix

To update you can also use npm-check-updates

Upvotes: 0
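A check for the situation in the question, where the patched css-what is installed but an older copy remains deeper in the tree. This is an added example, not code from the question or the answers: it flags a package.json whose preinstall hook sits inside "resolutions" (as in the posted snippet) and lists every locked copy of a package below the fixed version. The sample objects, version numbers other than 5.0.1, and all function names are constructed, and an npm 6-style package-lock.json with nested "dependencies" maps is assumed.

```javascript
// Constructed sample data: a package.json fragment shaped like the one in the
// question, and an npm 6-style (lockfileVersion 1) package-lock.json tree.
const samplePkg = {
  resolutions: {
    "trim-newlines": "^4.0.1",
    "css-what": "^5.0.1",
    scripts: { preinstall: "npx npm-force-resolutions" }, // nested, as posted
  },
};
const sampleLock = {
  dependencies: {
    "css-what": { version: "5.0.1" },
    "gulp-imagemin": { version: "7.1.0", dependencies: {
      svgo: { version: "1.3.2", dependencies: {
        "css-what": { version: "3.4.2" } } } } },
  },
};

// Compare plain x.y.z versions (no pre-release tags); negative when a < b.
function cmp(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Walk every nested "dependencies" map and collect each locked copy of `name`.
function findCopies(node, name, path = []) {
  const found = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = [...path, dep];
    if (dep === name) found.push({ path: here.join(" > "), version: info.version });
    found.push(...findCopies(info, name, here));
  }
  return found;
}

// Copies still locked below the fixed version.
const staleCopies = (lock, name, min) =>
  findCopies(lock, name).filter((c) => cmp(c.version, min) < 0);

// Structural problems that stop the resolutions hook from taking effect.
function checkPackageJson(pkg) {
  const problems = [];
  for (const [k, v] of Object.entries(pkg.resolutions || {}))
    if (typeof v !== "string") problems.push(`resolutions.${k} is not a version range`);
  if (!(pkg.scripts && pkg.scripts.preinstall)) problems.push("no top-level scripts.preinstall");
  return problems;
}
console.log(checkPackageJson(samplePkg), staleCopies(sampleLock, "css-what", "5.0.1"));
```

To run it against a real project, pass the parsed contents of package.json and package-lock.json in place of the sample objects.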
