Resolving High Severity Vulnerabilities in a React App Using npm Audit and npm Fix #13130

Open
@klawrenceboxx

Describe the bug

I'm getting a high severity vulnerability in my postergenius project. The npm audit report shows that nth-check version is below 2.0.1, which has an inefficient Regular Expression Complexity. The report suggests running npm audit fix --force, but warns that it will install [email protected], which is a breaking change.

Did you try recovering your dependencies?

Yes, I've tried recovering my dependencies by deleting node_modules, package-lock.json, and yarn.lock files, and running npm install. However, the issue still persists.

Which terms did you search for in User Guide?

I searched for "vulnerability", "npm audit", "dependency recovery", and "npm force update" in the User Guide.

Environment

Environment:
OS: Windows 10
Node: 16.13.1
npm: 8.1.0
Yarn: Not installed
webpack: Not installed

Steps to reproduce

  1. Clone the postergenius project from GitHub.
  2. Run npm install in the project directory to install dependencies.
  3. Run npm audit in the project directory to see the audit report.

Expected behavior

I expect to see no high severity vulnerabilities in the audit report.

Actual behavior

The audit report shows a high severity vulnerability in nth-check package.

Reproducible demo

https://github.com/klawrenceboxx/AI-Posters

Steps to reproduce:

Clone the postergenius-demo project from GitHub.
Run npm install in the project directory to install dependencies.
Run npm audit in the project directory to see the audit report.
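
An added example, not part of the issue or of any project's code: a triage of `npm audit --json` output (npm 7+ report format) that finds which package carries the advisory, which direct dependency pulls it in, and whether the offered fix is a semver-major change that requires `--force`. The sample report is constructed with a shortened dependency chain, and `PLACEHOLDER` stands in for the version that is elided in the issue text.

```javascript
// Constructed sample report; not output from the project in the issue.
const FIX = { name: "react-scripts", version: "PLACEHOLDER", isSemVerMajor: true };
const vuln = (name, via, effects, isDirect = false) =>
  ({ name, severity: "high", isDirect, via, effects, fixAvailable: FIX });
const SAMPLE_REPORT = { vulnerabilities: {
  "nth-check": vuln("nth-check",
    [{ title: "Inefficient Regular Expression Complexity in nth-check", range: "<2.0.1" }],
    ["css-select"]),
  "css-select": vuln("css-select", ["nth-check"], ["svgo"]),
  "svgo": vuln("svgo", ["css-select"], ["react-scripts"]),
  "react-scripts": vuln("react-scripts", ["svgo"], [], true),
}};

// Follow `effects` (packages that depend on a vulnerable one) up to the
// direct dependencies, i.e. the ones listed in package.json.
function directDependents(report, name, seen = new Set()) {
  const entry = report.vulnerabilities[name];
  if (!entry || seen.has(name)) return [];
  seen.add(name);
  const found = entry.isDirect ? [name] : [];
  for (const parent of entry.effects || []) {
    found.push(...directDependents(report, parent, seen));
  }
  return found;
}

// One row per package that carries its own advisory (an object in `via`);
// entries whose `via` holds only strings are vulnerable by inheritance.
function triage(report) {
  return Object.values(report.vulnerabilities)
    .filter((v) => v.via.some((x) => typeof x === "object"))
    .map((v) => ({
      package: v.name,
      severity: v.severity,
      advisories: v.via.filter((x) => typeof x === "object")
        .map((x) => `${x.title} (${x.range})`),
      pulledInBy: directDependents(report, v.name),
      // fixAvailable is false, true, or an object; isSemVerMajor marks a
      // fix that `npm audit fix` applies only when run with --force.
      fixNeedsForce: Boolean(v.fixAvailable && v.fixAvailable.isSemVerMajor),
    }));
}

console.log(JSON.stringify(triage(SAMPLE_REPORT), null, 2));
```

To run it against a real project, pass the parsed output of `npm audit --json` to `triage` in place of `SAMPLE_REPORT`.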
