DEV Community

loading...

How to update NPM Module for vulnerability

kobecow
Full Stack Engineer
Updated on ・1 min read

Github Shows security alert!?

After tiny push, I saw security alert on Github.

security_alert image

WOW. I've never seen it before. What should I do?

Step one-by-one.

This is what I did after googling.

1. Look at your security alert.

On my case, It said clean-css needed update.

details of security alert

2. Check your module

On project directory, npm audit executed.
The result was

output of npm audit

3. npm audit fix

npm audit fix executed.

a part of result was

+ pug@2.0.4
removed 3 packages and updated 9 packages in 5.479s

4. Check your module again.

On project directory, npm audit executed.
The result was


                       === npm audit security report ===                        

found 0 vulnerabilities

That's it. Pretty easy pattern.
Let's go back developing.

Discussion (0)