Error on installing a package "n low severity vulnerabilities" - react-native

I just installed a fresh react-native project on Big Sur.
When I try to install an npm package, I get this error.
How can I fix it?
npm install @react-navigation/native
up to date, audited 1026 packages in 2s
6 low severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
When I execute the "npm audit fix --force" command, the app is not working anymore.

Sorry this is not an error, everything works fine...

Related

I am trying to install a package in my terminal and it gives an error message that says:

up to date, audited 704 packages in 2s
121 packages are looking for funding
run npm fund for details
8 vulnerabilities (5 high, 3 critical)
To address all issues (including breaking changes), run:
npm audit fix --force
Run npm audit for details.
I tried reinstalling.
This is not an error. You tried installing a package which you already installed previously. That’s why it says up to date. The message says that it found 8 vulnerabilities which can happen if packages are outdated.

Cannot install rdme

I cannot install rdme. I have correctly installed Node.js:
grafeno30@linux:~$ npm -v
8.11.0
grafeno30@linux:~$ node -v
v16.16.0
and when I execute npm install rdme I get the following message:
up to date, audited 377 packages in 888ms
82 packages are looking for funding
run `npm fund` for details
5 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
I execute the following command: npm audit fix --force
If I execute rdme, "command not found" appears on the screen.
Navigate to your "node modules" folder in nodejs and try running
npm i rdme@version
e.g. npm i rdme@8.0.0-beta.2
Thank you @jonrsharpe
I have been able to run it with npx.
I have been able to execute with npx.
I didn't read all the documentation:
Once installed in your project, we recommend using npx (which is included if you have npm installed) to prefix all of your CLI commands. For example:
npx rdme validate [file]*

"npx create-react-app ..." audit comes with 3 high severity issues. How can I fix this?

I have a few react projects that were started using "npx create-react-app" and if I run "npm audit" they come back with:
# npm audit report
immer <8.0.1
Severity: high
Prototype Pollution - https://npmjs.com/advisories/1603
fix available via `npm audit fix --force`
Will install react-scripts@2.0.5, which is a breaking change
node_modules/react-dev-utils/node_modules/immer
react-dev-utils >=6.0.6-next.9b4009d7
Depends on vulnerable versions of immer
node_modules/react-dev-utils
react-scripts >=2.0.6-next.9b4009d7
Depends on vulnerable versions of react-dev-utils
node_modules/react-scripts
3 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
I have tried running npm audit fix and that doesn't fix the issue.
I have tried running npm audit fix --force which results in even more errors.
I have tried running npm i immer@8.0.1 which also does not work.
I am using nvm with node version 14.15.5 and npm version 7.5.4. I recently updated nvm to the latest version (0.37.2) and changed the default to the latest node lts (14.15.5), so I believe this may be the culprit but I can't figure out how to fix these 3 vulnerabilities.
A possibility is that there's an issue with me having not moved my global packages to the newer version of node.
Any help is much appreciated.
The issue has now been fixed. Just run npm audit fix.
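
An added example, not part of the original posts: a small Node.js triage of `npm audit --json` output that separates findings `npm audit fix` can resolve within the declared version ranges from those that only `--force` resolves by installing a semver-major version, and traces each finding back to its advisory. The sample report is constructed to mirror the immer / react-dev-utils / react-scripts chain quoted above; its field layout assumes the npm 7+ report format (`auditReportVersion: 2`), and `rootAdvisories` and `triage` are hypothetical helper names.

```javascript
// Constructed sample in the shape of `npm audit --json` (npm 7+, auditReportVersion 2),
// mirroring the report above. isDirect values are assumptions for illustration.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    immer: {
      name: "immer", severity: "high", isDirect: false,
      via: [{ title: "Prototype Pollution", url: "https://npmjs.com/advisories/1603", range: "<8.0.1" }],
      fixAvailable: { name: "react-scripts", version: "2.0.5", isSemVerMajor: true },
    },
    "react-dev-utils": {
      name: "react-dev-utils", severity: "high", isDirect: false,
      via: ["immer"], // a string entry points at another vulnerable package
      fixAvailable: { name: "react-scripts", version: "2.0.5", isSemVerMajor: true },
    },
    "react-scripts": {
      name: "react-scripts", severity: "high", isDirect: true,
      via: ["react-dev-utils"],
      fixAvailable: { name: "react-scripts", version: "2.0.5", isSemVerMajor: true },
    },
  },
};

// Follow string entries in `via` until reaching the advisory objects at the root.
function rootAdvisories(report, name, seen = new Set()) {
  if (seen.has(name)) return []; // guard against cycles and duplicates
  seen.add(name);
  const entry = report.vulnerabilities[name];
  if (!entry) return [];
  return entry.via.flatMap((v) =>
    typeof v === "string" ? rootAdvisories(report, v, seen) : [v]);
}

// Split findings into: fixable in range, fixable only with --force, no fix available.
function triage(report) {
  const out = { safe: [], breaking: [], noFix: [] };
  for (const [name, v] of Object.entries(report.vulnerabilities)) {
    const row = { name, severity: v.severity, direct: v.isDirect,
      advisories: rootAdvisories(report, name).map((a) => a.url) };
    if (v.fixAvailable === false) out.noFix.push(row);
    else if (v.fixAvailable === true || !v.fixAvailable.isSemVerMajor) out.safe.push(row);
    else out.breaking.push({ ...row, forceInstalls: `${v.fixAvailable.name}@${v.fixAvailable.version}` });
  }
  return out;
}

console.log(JSON.stringify(triage(sampleReport), null, 2));
```

On a real project, pass `triage` the parsed output of `npm audit --json`; entries under `breaking` are the ones where `--force` changes a major version and can stop the app from building.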

npm audit fix --force doesn't solve the issues

I have a react project created a while ago with react-create-app. Running npm install gives me 31 vulnerabilities (24 low, 3 moderate, 4 high).
Here are the files that might help debug the issue:
warnings after running npm audit fix --force
package.json
package-lock.json
I tried:
Deleting package-lock.json and node_modules folder and rerun npm install. Still the exact same issues remain.
Updating all of my packages to the latest with npm-check-updates.
Clearing npm cache with npm cache clear --force
None of these solved any of the issues.
PS: Creating a brand new project with npx create-react-app has the exact same problem, so it is not related to my specific app; it's some global issue.

How to fix vulnerabilities of installed package

I tried this
npm install react-native-elements
I got
found 454 low severity vulnerabilities
run `npm audit fix` to fix them, or `npm audit` for details
I tried this
npm audit fix
and I got
fixed 396 of 454 vulnerabilities in 38064 scanned packages
58 vulnerabilities required manual review and could not be updated
I tried
npm uninstall react-native-elements
But this works as npm install react-native-elements somehow.
Should I be concerned about these 58 vulnerabilities? Can I fix them manually?
If it is difficult to fix, how can I delete this package correctly?
If you want to delete the package correctly, try removing it from package.json and then try npm install.
However, you should not worry about vulnerabilities.