📘
Notes
  • Welcome
  • Domain Name System (DNS)
  • Developer Road Maps
  • App Security
  • Terminal Shortcuts/Commands
  • Technical Vocab
  • Kubernetes
  • Database Migrations
  • How to Write UML Diagrams
  • Linux
  • Testing in Software
  • Front-end / UI / UX
    • Redux
    • Notes on Design
    • HTML
    • CSS
    • React
  • Backend / Infrastructure
    • Terraform
    • Content Delivery Network (CDN)
    • Elasticsearch
    • npm
      • how to fix npm vulnerabilities
    • AWS Serverless Computing
    • Databases
      • Object Relational Mapper (ORM)
      • Database Migration
      • Relational Database Management System
    • TCP/IP
    • Web Servers
      • Go
      • HyperText Transfer Protocol (HTTP)
        • Request / Response
          • REST API
          • GraphQL / Apollo
        • Postman
    • Docker / Containers
    • Caches
      • Redis
    • MVC (Model-View-Controller)
  • General Career Advice
    • Software Engineering @Google
  • Technical Books
    • Designing Data-Intensive Systems
    • 30 Days of React
    • The Art of Game Design: A Book of Lenses
  • Data Structures / Algorithms
    • Sorting
    • Tries
  • Courses
    • Full Stack Open
    • iOS App Dev
Powered by GitBook
On this page
  1. Backend / Infrastructure
  2. npm

how to fix npm vulnerabilities

PreviousnpmNextAWS Serverless Computing

Last updated 1 year ago

Vulnerabilities

You can get a report of all vulnerabilities using npm audit. In that report for each vulnerability you will also see a way to fix it. When you use npm audit fix you are telling npm to execute those fixes. Npm however will not automatically install fixes that might break your project, such as major versions changes. You'll have to manually execute the npm install commands for those if you decide the vulnerability is more important than having to deal with the possible breaking change.

Note: Since writing, npm audit fix --force was introduced which will even execute patches that might introduce breaking changes. Use at your own risk, I've used it and it ended badly, very badly.

reference:

https://stackoverflow.com/questions/59922953/fix-vulnerabilities-in-npm-manually