Closed dylan-k closed 5 years ago
I do not recommend running npm audit fix
. Breaking changes are bad and can cause all sorts of shenanigans.
Short answer is there isn't really anything to worry about. The packages used by this boilerplate don't actually wind up in your project, and the vulnerabilities are usually more for people working on certain things, server-side stuff, for the most part.
Since all we use these packages for is code quality and build stuff, the vulnerabilities will not impact your project, and they aren't "vulnerable" in the sense that your computer is in danger.
For more clarity and peace-of-mind, he's an article I found on Google if you're interested: https://www.voitanos.io/blog/don-t-be-alarmed-by-vulnerabilities-after-running-npm-install
I'm going to close this for now. If you have further comments or concerns I'm happy to re-open it.
upon doing
> npm install
I got...So I did
npm audit fix
but then I got...Should I be concerned about the "vulns" or "breaking changes" mentioned here? I'm on ubuntu 18.04 with npm 6.4.1