How to fix : Inefficient Regular Expression Complexity in chalk/ansi-regex

Question

sudo npm audit gives me this error -

npm audit report

ansi-regex >2.1.1 <5.0.1

Severity: moderate

Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw

fix available via npm audit fix

node_modules/npm/node_modules/cli-table3/node_modules/ansi-regex

node_modules/npm/node_modules/string-width/node_modules/ansi-regex

strip-ansi 4.0.0 - 5.2.0

Depends on vulnerable versions of ansi-regex

node_modules/npm/node_modules/string-width/node_modules/strip-ansi

string-width  2.1.0 - 4.1.0
Depends on vulnerable versions of strip-ansi
node_modules/npm/node_modules/string-width

3 moderate severity vulnerabilities

To address all issues, run: npm audit fix

**I have also tried

sudo npm audit fix

and the result I've got is quite same.**

npm WARN audit fix ansi-regex@5.0.0 node_modules/npm /node_modules/cli-table3/node_modules/ansi-regex

npm WARN audit fix ansi-regex@5.0.0 is a bundled dependency of npm WARN audit fix ansi-regex@5.0.0 npm@8.4.1 at node_modules/npm

npm WARN audit fix ansi-regex@5.0.0 It cannot be fixed automatically.

npm WARN audit fix ansi-regex@5.0.0 Check for updates to the npm package.

npm WARN audit fix ansi-regex@3.0.0 node_modules/npm/node_modules/string-width/node_modules/ansi-regex

npm WARN audit fix ansi-regex@3.0.0 is a bundled dependency of

npm WARN audit fix ansi-regex@3.0.0 npm@8.4.1 at node_modules/npm

npm WARN audit fix ansi-regex@3.0.0 It cannot be fixed automatically.

npm WARN audit fix ansi-regex@3.0.0 Check for updates to the npm package.

npm WARN audit fix strip-ansi@4.0.0 node_modules/npm/node_modules/string-width/node_modules/strip-ansi

npm WARN audit fix strip-ansi@4.0.0 is a bundled dependency of

npm WARN audit fix strip-ansi@4.0.0 npm@8.4.1 at node_modules/npm

npm WARN audit fix strip-ansi@4.0.0 It cannot be fixed automatically.

npm WARN audit fix strip-ansi@4.0.0 Check for updates to the npm package.

npm WARN audit fix string-width@2.1.1 node_modules/npm/node_modules/string-width

npm WARN audit fix string-width@2.1.1 is a bundled dependency of

npm WARN audit fix string-width@2.1.1 npm@8.4.1 at node_modules/npm

npm WARN audit fix string-width@2.1.1 It cannot be fixed automatically.

npm WARN audit fix string-width@2.1.1 Check for updates to the npm package.

up to date, audited 317 packages in 3s

28 packages are looking for funding run npm fund for details

npm audit report

ansi-regex >2.1.1 <5.0.1

Severity: moderate

Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw

fix available via npm audit fix

node_modules/npm/node_modules/cli-table3/node_modules/ansi-regex

node_modules/npm/node_modules/string-width/node_modules/ansi-regex

strip-ansi 4.0.0 - 5.2.0

Depends on vulnerable versions of ansi-regex

node_modules/npm/node_modules/string-width/node_modules/strip-ansi

string-width  2.1.0 - 4.1.0
Depends on vulnerable versions of strip-ansi
node_modules/npm/node_modules/string-width

3 moderate severity vulnerabilities

To address all issues, run:

npm audit fix

Answer 1

So this warning means that you need to be using a patched version of that package (from that GH link, it looks like all x.0.1 are patched). So if you have a package that uses ansi-regex and that packages isn't updated to a patched version, you could open a pull request to that package updating it