NPM-AUDIT find to high vulnerabilities. What am I supposed to do?
I just had this problem too and after some researchs, i found something:
NPM throws error on "audit fix" - Configured registry is not supported
Of course, it's about an other problem but, by adapting the solution given there, it resolved my problem.
So :
- Delete the node_modules folder of tree-kill
- Edit package-lock.json file like it's done but with tree-kill module instead.
- Don't forget to run npm install at the end
I hope i've been clear enough.
Check the GitHub repo to see if a fix is being worked on. I found this issue: https://github.com/angular/angular-cli/issues/16629 and a pull request (https://github.com/angular/angular-cli/pull/15894) which removes the dependency.
I was having the same problem today and I fixed it by:
- delete the tree-kill package from the node_modules folder.
- delete the package-lock.json file.
- go to the @angular-devkit/build-angular folder in the node_modules folder and edit the package.json file; change tree-kill version from 1.2.1 to 1.2.2
- go to @ngtools/webpack folder in the node_modules folder and do the same as step 3.
run npm install after that.
You can fix this without waiting for a new version of the package @angular-devkit/build-angular
.
Just do the following steps:
- Update your
package.json
file by addingresolutions
section with proper version of packagetree-kill
:
"resolutions": {
"tree-kill": "1.2.2"
}
- Update your
package-lock.json
by running command:
npx npm-force-resolutions
- Reinstall NPM packages in your project:
rm -r node_modules
npm install
Run npm audit
to check that your project does not have anymore this problem. And don't forget to commit modified files package.json
and package-lock.json
.
More information about NPM Force Resolutions.