
NativeScript 8.0.0: NPM vulnerabilities switching between "3 high" to "30 high"

I am currently working on a NativeScript project that uses NativeScript core ~8.0.0 and I just ran an npm install and realized that there are 3 high vulnerabilities. When I try to fix them using npm audit fix (even with --force flag) I end up having 30 high vulnerabilities. Again npm audit fix leads to the original 3 high again.

These seem to be due to @nativescript/webpack:5.0.0 which is the current version but relies on a vulnerable version of @pmmmwh/react-refresh-webpack-plugin.

Any ideas on how to solve this problem?

Here is the detailed output of npm audit:

Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix --force`
Will install @nativescript/webpack@4.1.0, which is a breaking change
node_modules/ansi-html
  @pmmmwh/react-refresh-webpack-plugin  <=0.5.0-rc.6
  Depends on vulnerable versions of ansi-html
    @nativescript/webpack  >=5.0.0-alpha.0
    Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
    node_modules/@nativescript/webpack

Never mind, ns migrate did the trick.

Still, if anyone is facing a similar problem with the ansi-html package, there is a solution for that in this answer.
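As an added example (not part of the original question or answer): a Node.js script that reads a report in the shape of `npm audit --json` and traces the chain shown in the audit output above, from the ansi-html advisory up to the direct dependency, then lists the breaking install that `--force` would perform. The `report` object is a constructed sample and the function names are hypothetical.

```javascript
// Constructed sample in the shape of `npm audit --json` (npm 7+), limited to
// the three packages named in the audit output above.
const fix = { name: "@nativescript/webpack", version: "4.1.0", isSemVerMajor: true };
const report = { vulnerabilities: {
  "ansi-html": {
    severity: "high", isDirect: false, fixAvailable: fix,
    via: [{ url: "https://github.com/advisories/GHSA-whgm-jr23-g3j9" }],
    effects: ["@pmmmwh/react-refresh-webpack-plugin"],
  },
  "@pmmmwh/react-refresh-webpack-plugin": {
    severity: "high", isDirect: false, fixAvailable: fix,
    via: ["ansi-html"], effects: ["@nativescript/webpack"],
  },
  "@nativescript/webpack": {
    severity: "high", isDirect: true, fixAvailable: fix,
    via: ["@pmmmwh/react-refresh-webpack-plugin"], effects: [],
  },
} };

// Entries whose `via` holds an advisory object are the actual findings;
// entries whose `via` holds only package names inherit them from a dependency.
function advisorySources(rep) {
  return Object.entries(rep.vulnerabilities)
    .filter(([, v]) => v.via.some((x) => typeof x === "object"))
    .map(([name]) => name);
}

// Follow `effects` upward from a package to the direct dependency that pulls it in.
function chainToDirect(rep, name, seen = new Set()) {
  const v = rep.vulnerabilities[name];
  if (!v || seen.has(name)) return [];
  seen.add(name);
  if (v.isDirect) return [name];
  for (const parent of v.effects) {
    const rest = chainToDirect(rep, parent, seen);
    if (rest.length) return [name, ...rest];
  }
  return [];
}

// Distinct installs that `npm audit fix --force` would perform as breaking changes.
function breakingFixes(rep) {
  const out = new Set();
  for (const v of Object.values(rep.vulnerabilities)) {
    const f = v.fixAvailable;
    if (f && typeof f === "object" && f.isSemVerMajor) out.add(`${f.name}@${f.version}`);
  }
  return [...out];
}

for (const src of advisorySources(report)) {
  console.log(`${src}: ${chainToDirect(report, src).join(" -> ")}`);
}
console.log("needs --force:", breakingFixes(report).join(", "));
```

To run it against a real project, replace `report` with the parsed output of `npm audit --json`.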
