
Installing react-scripts causes vulnerabilities

I uninstalled react-scripts trying to fix a bug in the terminal earlier. Now when I run npm install react-scripts it gives me this:


Cole@Coles-MacBook-Pro-4 client % npm i react-scripts
npm WARN deprecated @hapi/topo@3.1.6: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated babel-eslint@10.1.0: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated @hapi/address@2.1.4: Moved to 'npm install @sideway/address'
npm WARN deprecated rollup-plugin-babel@4.4.0: This package has been deprecated and is no longer maintained. Please use @rollup/plugin-babel.
npm WARN deprecated @hapi/hoek@8.5.1: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/joi@15.1.1: Switch to 'npm install joi'
npm WARN deprecated core-js@2.6.12: core-js@<3.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.

added 1881 packages, changed 1 package, and audited 1986 packages in 58s

138 packages are looking for funding
  run `npm fund` for details

87 vulnerabilities (81 moderate, 6 high)

To address all issues, run:
  npm audit fix

Run `npm audit` for details.

But when I run npm uninstall react-scripts it gives me this:

Cole@Coles-MacBook-Pro-4 client % npm uninstall react-scripts

removed 1882 packages, and audited 104 packages in 15s

4 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

Obviously I do need react-scripts so I can start my project up in development. When I run npm start with react-scripts uninstalled, it gives me sh: react-scripts: command not found

How can I install react-scripts without causing vulnerabilities?

Edit: When I try npm audit fix it gives me this nasty message:

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! Found: type-fest@0.21.3
npm ERR! node_modules/type-fest
npm ERR!   type-fest@"^0.21.3" from ansi-escapes@4.3.2
npm ERR!   node_modules/ansi-escapes
npm ERR!     ansi-escapes@"^4.2.1" from @jest/core@26.6.3
npm ERR!     node_modules/@jest/core
npm ERR!       @jest/core@"^26.6.0" from jest@26.6.0
npm ERR!       node_modules/jest
npm ERR!         peer jest@"^26.0.0" from jest-watch-typeahead@0.6.1
npm ERR!         node_modules/jest-watch-typeahead
npm ERR!         1 more (react-scripts)
npm ERR!       1 more (jest-cli)
npm ERR!     ansi-escapes@"^4.3.1" from jest-watch-typeahead@0.6.1
npm ERR!     node_modules/jest-watch-typeahead
npm ERR!       jest-watch-typeahead@"0.6.1" from react-scripts@4.0.3
npm ERR!       node_modules/react-scripts
npm ERR!         react-scripts@"^4.0.3" from the root project
npm ERR!     2 more (jest-watcher, terminal-link)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peerOptional type-fest@"^0.13.1" from @pmmmwh/react-refresh-webpack-plugin@0.4.3
npm ERR! node_modules/@pmmmwh/react-refresh-webpack-plugin
npm ERR!   @pmmmwh/react-refresh-webpack-plugin@"0.4.3" from react-scripts@4.0.3
npm ERR!   node_modules/react-scripts
npm ERR!     react-scripts@"^4.0.3" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /Users/Cole/.npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/Cole/.npm/_logs/2021-05-26T13_04_40_793Z-debug.log

Maybe I have to uninstall and reinstall the entire create-react-app package? I started a different project in a different folder and it still had the same problems right after entering npx create-react-app <name>. Sounds like my whole computer is messed up now.

How can I install react-scripts without causing vulnerabilities?

You can't. You have to wait for the author (in this case, Facebook) to update its dependencies to remove vulnerabilities.
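To see which findings arrive through react-scripts rather than through other entries in package.json, the report from `npm audit --json` can be grouped by the direct dependency that pulls each vulnerable package in. The following is an added example, not part of the original question or answer; the sample report is constructed in the npm 7 report shape (`auditReportVersion` 2), and the `example-*` package names and the `directRoots` and `triage` helpers are hypothetical.

```javascript
// Constructed sample shaped like `npm audit --json` output from npm 7+.
// The example-* names, severities and advisory titles are illustrative only.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-leaf': { name: 'example-leaf', severity: 'high', isDirect: false,
      via: [{ title: 'constructed advisory A' }], effects: ['example-mid'] },
    'example-mid': { name: 'example-mid', severity: 'high', isDirect: false,
      via: ['example-leaf'], effects: ['react-scripts'] },
    'react-scripts': { name: 'react-scripts', severity: 'high', isDirect: true,
      via: ['example-mid'], effects: [] },
    'example-direct': { name: 'example-direct', severity: 'moderate', isDirect: true,
      via: [{ title: 'constructed advisory B' }], effects: [] },
  },
};

// Follow `effects` edges upward until reaching entries marked isDirect,
// i.e. packages listed in the project's own package.json.
// The `seen` set guards against cycles in the dependency graph.
function directRoots(report, name, seen = new Set()) {
  if (seen.has(name)) return [];
  seen.add(name);
  const entry = report.vulnerabilities[name];
  if (!entry) return [];
  const roots = entry.isDirect ? [name] : [];
  for (const parent of entry.effects || []) {
    roots.push(...directRoots(report, parent, seen));
  }
  return roots;
}

// Group packages that carry their own advisory (an object in `via`, as opposed
// to a string naming another package) by the direct dependency responsible.
function triage(report) {
  const byRoot = {};
  for (const [name, entry] of Object.entries(report.vulnerabilities)) {
    if (!entry.via.some((v) => typeof v === 'object')) continue;
    for (const root of new Set(directRoots(report, name))) {
      byRoot[root] = byRoot[root] || [];
      byRoot[root].push({ name, severity: entry.severity });
    }
  }
  return byRoot;
}

// With a real project: npm audit --json > audit.json, then
// triage(JSON.parse(require('fs').readFileSync('audit.json', 'utf8')))
console.log(triage(sampleReport));
```
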
