Prototype Pollution - npm vulnerability can't be fixed?

Right now there isn't an immediate fix. yargs-parser has breaking changes in the versions that have been released since the one pinned in react-scripts. We are waiting on the react-scripts to be updated in order to address this warning.

It is worth noting that this isn't a "serious" vulnerability and should only affect dev environments. It is fixed in the latest yargs-parser but I wouldn't lose sleep over a low risk vulnerability. They happen from time to time and the community is usually quite good at patching them out.

You can watch the progress of this issue or (depending on your skill level) contribute to the fix here: https://github.com/facebook/create-react-app/issues/8529


We need to add this too:

"scripts": { "preinstall": "npx npm-force-resolutions" }

Then on your package.json add:

"resolutions": { "yargs-parser": "^13.1.2" }

Finally run below commond on your terminal:

rm -r node_modules

npm install

Tags:

Npm

Reactjs

Related

What's a more efficient way to calculate the max of each row in a matrix excluding its own column? How can I check a file is closed or not in python? How to change language of Show date picker in flutter Installing venv for python3 in WSL (Ubuntu) How to initialize all elements of a two-dimensional array to a particular value? Xcode Device Issue - Failed _shouldMakeReadyForDevelopment check even though device is not locked by passcode How can I simplify `(variableA && !variableB) || !variableA` expression in JavaScript? How to compare a char to [ in Julia? Is there a replacement for document.execCommand? (or is it safe to use document.execCommand?) I'm really confused about function declarations in Haskell C99: cast callbacks with different number of arguments raku What is a better way to do rotor from the end?

Recent Posts