DEV Community

Mark Benjamin

[Possible Fix] Inflight reported as a vulnerability in react project (Veracode SCA)

If you're facing an inflight vulnerability from a Veracode (or any other SCA tool) scan, then it probably comes from the eslint package. This might not be the case for all scenarios, but the SCA tool typically shows you a dependency graph where you can drill down into the involved packages. If it is eslint for you, then here's the fix that clears the SCA scan error:

You probably have eslint under the `dependencies` section in the package.json (of course, duuh). Just move the eslint package into `devDependencies`, because that is where it belongs in the first place. The SCA tool knows that, as a dev dependency, it is only used during the development phase and will not affect the production code.
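To confirm which direct dependency pulls in the flagged package before moving anything, the check below walks an npm lockfile and reports the section each introducer is declared in. It is an added example, not code from the original post; the function names and the sample package.json and lockfile are constructed for illustration.

```javascript
// Added example: find which direct dependencies pull in a flagged package and
// whether each is declared under dependencies or devDependencies.
// Reads the npm lockfile v2/v3 "packages" map; only "dependencies" edges are followed.

// Node-style lookup: nested node_modules first, then each parent folder.
function resolve(lock, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (lock.packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Depth-first search from one installed package towards the target name.
function reaches(lock, path, target, seen = new Set()) {
  if (seen.has(path)) return false;
  seen.add(path);
  return Object.keys(lock.packages[path].dependencies || {}).some((name) => {
    const next = resolve(lock, path, name);
    return next !== null && (name === target || reaches(lock, next, target, seen));
  });
}

function findIntroducers(pkg, lock, target) {
  const found = [];
  for (const section of ["dependencies", "devDependencies"]) {
    for (const name of Object.keys(pkg[section] || {})) {
      const path = resolve(lock, "", name);
      if (path && (name === target || reaches(lock, path, target))) found.push({ name, section });
    }
  }
  return found;
}

// Constructed, simplified sample (real dependency trees are larger).
const samplePkg = { dependencies: { react: "*", eslint: "*" }, devDependencies: {} };
const sampleLock = { lockfileVersion: 3, packages: {
  "node_modules/react": {},
  "node_modules/eslint": { dependencies: { glob: "*" } },
  "node_modules/glob": { dependencies: { inflight: "*" } },
  "node_modules/inflight": {},
} };

console.log(findIntroducers(samplePkg, sampleLock, "inflight"));
```

To run it on a real project, load `package.json` and `package-lock.json` with `JSON.parse(fs.readFileSync(...))`. `npm ls inflight` prints the same chain from an installed tree.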

As always, I hope this helps someone 😌.

Top comments (1)

Ashish Kumar • Edited

Please let me know if this workaround will work with Sonatype-(Nexus scan) report generation as well? @thecodeinfluencer