Prototype Pollution - npm vulnerability can't be fixed?
Right now there isn't an immediate fix. yargs-parser has breaking changes in the versions that have been released since the one pinned in react-scripts. We are waiting on react-scripts to be updated in order to address this warning.
It is worth noting that this isn't a "serious" vulnerability and should only affect dev environments. It is fixed in the latest yargs-parser but I wouldn't lose sleep over a low risk vulnerability. They happen from time to time and the community is usually quite good at patching them out.
You can watch the progress of this issue or (depending on your skill level) contribute to the fix here: https://github.com/facebook/create-react-app/issues/8529
We need to add this too:
"scripts": { "preinstall": "npx npm-force-resolutions" }
Then in your package.json add:
"resolutions": { "yargs-parser": "^13.1.2" }
Finally, run the commands below in your terminal:
rm -r node_modules
npm install
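To confirm that a "resolutions" pin like the one above actually took effect after reinstalling, the following added example (not part of either answer) lists every copy of a package recorded in a lockfile and flags those outside the pinned caret range. The function names, the simplified caret comparison, and the sample lockfile are assumptions made for illustration.

```javascript
// Parse "13.1.2" -> [13, 1, 2]; prerelease/build suffixes are ignored.
function parseVersion(v) {
  return v.split(/[-+]/)[0].split('.').map(Number);
}

// Simplified caret semantics for major >= 1: same major, and >= the minimum.
function satisfiesCaret(version, min) {
  const [a, b, c] = parseVersion(version);
  const [x, y, z] = parseVersion(min);
  if (a !== x) return false;
  if (b !== y) return b > y;
  return c >= z;
}

// Collect { path, version } for each copy of `name`, in both lockfile layouts:
// v2/v3 use a flat "packages" map keyed by path; v1 nests "dependencies".
function findCopies(lock, name) {
  const found = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith('node_modules/' + name)) found.push({ path, version: meta.version });
  }
  if (found.length) return found;
  (function walk(deps, trail) {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = trail + '/' + dep;
      if (dep === name) found.push({ path, version: meta.version });
      walk(meta.dependencies, path);
    }
  })(lock.dependencies, '');
  return found;
}

// Mark each copy as inside (ok: true) or outside (ok: false) the range ^min.
function auditLock(lock, name, min) {
  return findCopies(lock, name).map(c => ({ ...c, ok: satisfiesCaret(c.version, min) }));
}

// Constructed sample lockfile (v1 layout), not taken from a real project:
// one hoisted copy at the pinned version, one older nested copy.
const sampleLock = {
  dependencies: {
    'yargs-parser': { version: '13.1.2' },
    'some-dev-tool': { version: '1.0.0', dependencies: {
      yargs: { version: '12.0.5', dependencies: { 'yargs-parser': { version: '11.1.1' } } } } },
  },
};

console.log(auditLock(sampleLock, 'yargs-parser', '13.1.2'));
```

Against a real project, pass the parsed package-lock.json in place of `sampleLock`; any entry with `ok: false` is a nested copy the pin did not reach.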