loading...

Discussion on: Fixing NPM Dependencies Vulnerabilities

Collapse
bsastregx profile image
bsastregx

Algo, running npm audit does not show me the suggested command to update. Please, see image : imgur.com/mhnHoq4

Collapse
bbenefield89 profile image
Brandon Benefield Author

@bsastregx I believe the command is there but you may have glossed over it. Perhaps, you could leave the entire result of npm audit as a reply to this?

Collapse
billwright profile image
Bill Wright

Hi Brandon,

I have this same problem (no command to fix things). Using the --force doesn't fix things either. I tried to post my complete output but got an error saying there was a problem with my post, but no other information. I'm running npm version 6.4.1. At the end of my output I get this message: "See the full report for details." But where would I find the full report? There is no mention of where this report is.

Also, my problem is generally with grunt-* modules that use a vulnerable version of lodash. But I have the latest version of the grunt-modules. In that case, is there nothing that can be done? Short of not using the grunt-modules?

Thanks,
Bill