Open ghost opened 5 years ago
npm audit
report result:
found 79 vulnerabilities (30 low, 23 moderate, 25 high, 1 critical) in 5666 scanned packages
I'll push a initial commit to a separate branch with the updated packages using npm audit fix
EDIT
After executing npm audit fix
, our project still has a couple of vulnerable packages:
found 23 vulnerabilities (14 low, 8 high, 1 critical) in 8892 scanned packages
23 vulnerabilities require semver-major dependency updates.
Issue
There are a couple of vulnerability reports from github and also when you execute
npm install
(yarn does not seem to report vulnerabilities though)Solution