Prototype Pollution - npm vulnerability can't be fixed?

Right now there isn't an immediate fix. yargs-parser has breaking changes in the versions that have been released since the one pinned in react-scripts. We are waiting on react-scripts to be updated in order to address this warning.

It is worth noting that this isn't a "serious" vulnerability and should only affect dev environments. It is fixed in the latest yargs-parser, but I wouldn't lose sleep over a low-risk vulnerability. They happen from time to time, and the community is usually quite good at patching them out.

You can watch the progress of this issue or (depending on your skill level) contribute to the fix here: https://github.com/facebook/create-react-app/issues/8529
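To show what the advisory class behind this warning actually is, here is an added example that is not code from the answer above and not yargs-parser's own code: a minimal "--a.b=c" option parser with a naive dotted-key setter (the shape of code prototype pollution abuses) beside a hardened setter. The function names and the argv inputs are invented for illustration.

```javascript
// Added example (not from the answer or from yargs-parser): a naive dotted-key
// setter that can be steered into Object.prototype, and a hardened one.

const UNSAFE_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

// Vulnerable: descends into whatever node[key] already is, including the
// inherited Object.prototype that "__proto__" resolves to on a plain object.
function setPathUnsafe(target, dottedKey, value) {
  const parts = dottedKey.split('.');
  let node = target;
  for (let i = 0; i < parts.length - 1; i++) {
    const key = parts[i];
    if (typeof node[key] !== 'object' || node[key] === null) node[key] = {};
    node = node[key];
  }
  node[parts[parts.length - 1]] = value;
  return target;
}

// Hardened: rejects prototype-related segments up front and only descends
// into own properties, creating intermediate nodes without a prototype.
function setPathSafe(target, dottedKey, value) {
  const parts = dottedKey.split('.');
  for (const key of parts) {
    if (UNSAFE_SEGMENTS.has(key)) {
      throw new TypeError(`refusing to set unsafe key segment "${key}" in "${dottedKey}"`);
    }
  }
  let node = target;
  for (let i = 0; i < parts.length - 1; i++) {
    const key = parts[i];
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || typeof node[key] !== 'object' || node[key] === null) {
      node[key] = Object.create(null);
    }
    node = node[key];
  }
  node[parts[parts.length - 1]] = value;
  return target;
}

// Tiny argv parser: "--key=value" or a bare "--flag"; the setter is pluggable.
function parseArgs(argv, setPath) {
  const result = {};
  for (const arg of argv) {
    if (!arg.startsWith('--')) continue;
    const eq = arg.indexOf('=');
    const key = eq === -1 ? arg.slice(2) : arg.slice(2, eq);
    const value = eq === -1 ? true : arg.slice(eq + 1);
    setPath(result, key, value);
  }
  return result;
}

// Runs a constructed malicious argv through the given setter and reports
// whether a brand-new object now inherits the attacker-chosen property.
function pollutionDemo(setPath) {
  const argv = ['--foo.__proto__.polluted=yes', '--port=3000']; // constructed input
  let parsed = null;
  let error = null;
  try {
    parsed = parseArgs(argv, setPath);
  } catch (e) {
    error = e.message;
  }
  const leaked = ({}).polluted === 'yes';
  delete Object.prototype.polluted; // undo the pollution so later code is unaffected
  return { leaked, error, parsed };
}

console.log('unsafe setter:', pollutionDemo(setPathUnsafe));
console.log('safe setter:  ', pollutionDemo(setPathSafe));
```

With the unsafe setter, `--foo.__proto__.polluted=yes` ends up writing to `Object.prototype`, so every object created afterwards inherits `polluted`; the hardened setter rejects the argument before any write happens, while ordinary paths such as `--server.host=localhost` still parse as before. The demo deletes the polluted property afterwards only so the script leaves the runtime clean; a real process would keep the poisoned prototype for its whole lifetime.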


We need to add this too:

"scripts": { "preinstall": "npx npm-force-resolutions" }

Then in your package.json add:

"resolutions": { "yargs-parser": "^13.1.2" }

Finally, run the commands below in your terminal:

rm -r node_modules

npm install
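Once the reinstall has finished, the thing to confirm is that no nested copy of yargs-parser survived outside the pinned range. The following is an added example, not code from the answer above and not from npm or npm-force-resolutions: it walks a package-lock v1 style dependency tree and reports every copy of a package whose version does not satisfy the range given in "resolutions". The lockfile fragment, the "some-cli-tool" package name and all the version numbers are constructed for illustration.

```javascript
// Added example (not from the answer, npm or npm-force-resolutions): report
// copies of a package in a lockfile-style tree that escape a "resolutions" range.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Supports exact "1.2.3", caret "^1.2.3" and tilde "~1.2.3" ranges, which is
// enough for a resolutions block; any other range form throws rather than guessing.
function satisfies(version, range) {
  const v = parseVersion(version);
  const op = range[0] === '^' || range[0] === '~' ? range[0] : '';
  const base = parseVersion(op ? range.slice(1) : range);
  if (op === '') return compareVersions(v, base) === 0;
  if (compareVersions(v, base) < 0) return false;
  let upper;
  if (op === '~') upper = [base[0], base[1] + 1, 0];          // ~1.2.3 -> <1.3.0
  else if (base[0] > 0) upper = [base[0] + 1, 0, 0];          // ^1.2.3 -> <2.0.0
  else if (base[1] > 0) upper = [0, base[1] + 1, 0];          // ^0.2.3 -> <0.3.0
  else upper = [0, 0, base[2] + 1];                           // ^0.0.3 -> <0.0.4
  return compareVersions(v, upper) < 0;
}

// Walks a lockfileVersion 1 style tree: { dependencies: { name: { version, dependencies } } }.
function findViolations(lock, resolutions) {
  const violations = [];
  const walk = (deps, path) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const here = [...path, name];
      const wanted = resolutions[name];
      if (wanted && !satisfies(info.version, wanted)) {
        violations.push({ path: here.join(' > '), version: info.version, wanted });
      }
      walk(info.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return violations;
}

// Constructed lockfile fragment: package names follow the thread, versions are invented.
const SAMPLE_LOCK = {
  dependencies: {
    'yargs-parser': { version: '13.1.2' },
    'react-scripts': {
      version: '0.0.0-constructed',
      dependencies: {
        'yargs-parser': { version: '13.1.1' },
      },
    },
    'some-cli-tool': {
      version: '0.0.0-constructed',
      dependencies: {
        'yargs-parser': { version: '11.1.1' },
      },
    },
  },
};

const SAMPLE_RESOLUTIONS = { 'yargs-parser': '^13.1.2' };

const found = findViolations(SAMPLE_LOCK, SAMPLE_RESOLUTIONS);
console.log(found.length === 0 ? 'resolution honoured everywhere' : found);
```

Against a real project you would feed it `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` and your package.json "resolutions" object; note that this walker only understands the nested "dependencies" tree of lockfileVersion 1, since lockfile v2 and v3 describe the tree as a flat "packages" map keyed by path. The quickest equivalent on the command line is `npm ls yargs-parser`, which prints every installed copy and where it sits. Two practical caveats: a forced resolution can pull a package past a breaking change its parent was never tested with (the first answer's reason for waiting on react-scripts), so run the project's own test suite after the reinstall; and on npm 8.3 or newer the built-in "overrides" field in package.json covers this use case without a preinstall hook.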

Tags: npm, reactjs