Today I Learned - Rocky Kev

TIL NPM Audit Fix

You run npm install and npm warns you that there are 100 vulnerabilities (npm version 6 or higher).

If you're worried about potential damage, create a new branch.

git checkout -b fix/vulnerabilities

Then run npm audit fix. This will fix all vulnerabilities that won't cause any funky side effects. It targets package updates that, under semver, are only minor/patch version bumps.

It's not 100% foolproof (which is why you branched), and you'll still have a lot of vulnerabilities afterwards.

Next, use npm audit to get a list of the other vulnerabilities. Scroll to the top, and you'll see npm recommend an action like npm install <package@version> to fix 7 vulnerabilities. These are often major updates that can cause side effects. Do them one at a time, and test your code after each.

If there is no update - it's your decision to leave it alone or find a new package/solution to your problem.
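
To see up front which findings belong to which of the steps above, here is an added example (not part of the original post, and not npm's own code) that sorts an npm audit --json report into three buckets. It assumes the npm 7+ report shape, where each entry has a fixAvailable field; the sample report, the package names and the triageAudit function are made up for illustration.

```javascript
// Constructed sample in the shape `npm audit --json` prints on npm 7+ (assumed);
// package names and versions are invented for illustration.
const sampleReport = {
  vulnerabilities: {
    "example-parser": { severity: "high", isDirect: false, fixAvailable: true },
    "example-server": {
      severity: "critical", isDirect: true,
      fixAvailable: { name: "example-server", version: "5.0.0", isSemVerMajor: true },
    },
    "example-utils": {
      severity: "moderate", isDirect: false,
      fixAvailable: { name: "example-cli", version: "2.4.1", isSemVerMajor: false },
    },
    "example-legacy": { severity: "low", isDirect: true, fixAvailable: false },
  },
};

const SEVERITY_ORDER = ["critical", "high", "moderate", "low", "info"];

// Sort each finding into the step of the workflow that deals with it.
function triageAudit(report) {
  const plan = { auditFix: [], manualInstall: new Map(), noFix: [] };
  const entries = Object.entries(report.vulnerabilities || {}).sort(
    ([, a], [, b]) => SEVERITY_ORDER.indexOf(a.severity) - SEVERITY_ORDER.indexOf(b.severity)
  );
  for (const [name, vuln] of entries) {
    const fix = vuln.fixAvailable;
    if (fix === true) {
      plan.auditFix.push(name); // in-range update: plain `npm audit fix` handles it
    } else if (fix && typeof fix === "object") {
      // One top-level install can resolve several findings, so group by command.
      const command = `npm install ${fix.name}@${fix.version}`;
      const item = plan.manualInstall.get(command) || { breaking: false, fixes: [] };
      item.breaking = item.breaking || Boolean(fix.isSemVerMajor);
      item.fixes.push(name);
      plan.manualInstall.set(command, item);
    } else {
      plan.noFix.push(name); // no update: leave it alone or replace the package
    }
  }
  return plan;
}

const plan = triageAudit(sampleReport);
console.log("npm audit fix covers:", plan.auditFix);
for (const [command, item] of plan.manualInstall) {
  console.log(`${command}${item.breaking ? " (major, test after)" : ""} fixes`, item.fixes);
}
console.log("no fix available:", plan.noFix);
```

On a real project, save the report with npm audit --json > audit.json and pass the parsed file to triageAudit instead of the sample.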

