Mohamedamine

Reputation: 11

I face a problem when I try to install axios via npm:

up to date, audited 1446 packages in 7s

194 packages are looking for funding
  run `npm fund` for details

6 high severity vulnerabilities

To address all issues (including breaking changes), run: npm audit fix --force

Run npm audit for details.

Upvotes: 0

Views: 2137

Answers (1)

Patrice Thimothee

Reputation: 977

Ideally, we should address these vulnerabilities, especially in stages like production, sensitive workplaces, etc. However, often, you will have to address these vulnerabilities manually.

npm audit fix will try to "fix" what it can by performing some updates.

npm audit fix --force will try to go further by considering upgrades even between major semantic versions (2 to 3, for instance, instead of 2 to 2.1, if necessary).

It may not be enough. To be on the safer side, look through every single module declared vulnerable to ponder the eventual risks and how any issues can affect your project(s).

Keep in mind: "npm" can find vulnerabilities absolutely at any time.

Therefore, if the developer has not sent a new version correcting the identified problem, you will have to:

  • Decide whether to use a new library.
  • Decide to downgrade or upgrade their libraries with the most negligible effect on your code.
  • Decide to fix the vulnerability yourself.
  • Decide to wait for the author to fix the issue.
  • Decide to implement your solution.
  • Decide to live with these vulnerabilities and likely address them before production.

npm audit monitors modules over time, so some vulnerabilities can still appear in modules thought perfectly safe. Therefore, there is no 100% permanent fix.

A way to have the list of problematic modules:

$> npm audit fix --dry-run --json

https://docs.npmjs.com/cli/v8/commands/npm-audit

Upvotes: 1
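An added example, not code from the answer above: it triages the JSON report that `npm audit --json` (npm 7 and later, "auditReportVersion": 2) prints, sorting vulnerable modules by severity and classifying each by the remediation route the answer lists (plain `npm audit fix`, a major-version upgrade that needs `--force`, or no upstream fix). The sample report, package names and advisory URLs are constructed placeholders.

```javascript
// Added example: triage an `npm audit --json` report (npm 7+, auditReportVersion 2).
const SEVERITY_RANK = { critical: 4, high: 3, moderate: 2, low: 1, info: 0 };
// Map npm's `fixAvailable` field (true, false, or {name, version, isSemVerMajor})
// to the remediation route a maintainer can act on.
function fixAction(fixAvailable) {
  if (fixAvailable === true) return 'npm audit fix';
  if (fixAvailable && typeof fixAvailable === 'object') {
    return fixAvailable.isSemVerMajor
      ? `npm audit fix --force (major upgrade of ${fixAvailable.name} to ${fixAvailable.version})`
      : 'npm audit fix';
  }
  return 'no upstream fix: patch, replace, or accept the risk';
}
// One row per vulnerable package: most severe first, direct dependencies before transitive ones.
function triageAudit(report) {
  const rows = Object.values(report.vulnerabilities || {}).map((v) => ({
    name: v.name,
    severity: v.severity,
    direct: Boolean(v.isDirect),
    range: v.range,
    // `via` mixes advisory objects (root cause) with package names (inherited from a dependency).
    advisories: v.via.filter((x) => typeof x === 'object').map((x) => x.url),
    action: fixAction(v.fixAvailable),
  }));
  return rows.sort((a, b) =>
    (SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]) ||
    (Number(b.direct) - Number(a.direct)) || a.name.localeCompare(b.name));
}
// Constructed sample in the shape npm emits; names and advisory URLs are placeholders.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-parser': { name: 'example-parser', severity: 'high', isDirect: false, range: '<2.0.0',
      via: [{ title: 'constructed advisory', url: 'https://example.invalid/ADVISORY-PLACEHOLDER-1' }],
      effects: ['example-cli'], fixAvailable: { name: 'example-cli', version: '3.0.0', isSemVerMajor: true } },
    'example-cli': { name: 'example-cli', severity: 'high', isDirect: true, range: '<=2.5.0',
      via: ['example-parser'], effects: [], fixAvailable: { name: 'example-cli', version: '3.0.0', isSemVerMajor: true } },
    'example-logger': { name: 'example-logger', severity: 'moderate', isDirect: true, range: '<1.4.2',
      via: [{ title: 'constructed advisory', url: 'https://example.invalid/ADVISORY-PLACEHOLDER-2' }],
      effects: [], fixAvailable: true },
    'example-legacy': { name: 'example-legacy', severity: 'low', isDirect: true, range: '*',
      via: [{ title: 'constructed advisory', url: 'https://example.invalid/ADVISORY-PLACEHOLDER-3' }],
      effects: [], fixAvailable: false },
  },
};
for (const r of triageAudit(SAMPLE_REPORT)) {
  console.log(`${r.severity.padEnd(8)} ${r.direct ? 'direct    ' : 'transitive'} ${r.name}@${r.range} -> ${r.action}`);
}
```

To run it against a real project, replace SAMPLE_REPORT with the parsed output of `npm audit --json`.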
