
Npx create-react-app: 8 vulnerabilities (2 moderate, 6 high) in new react app #13637

Open

@harish00506

Description

PS C:\> npx create-react-app mern-stack

Creating a new React app in C:\mern-stack.

Installing packages. This might take a couple of minutes.
Installing react, react-dom, and react-scripts with cra-template...

added 1482 packages in 4m

261 packages are looking for funding
run npm fund for details

Initialized a git repository.

Installing template dependencies using npm...

added 63 packages, and changed 1 package in 25s

261 packages are looking for funding
run npm fund for details
Removing template package using npm...

removed 1 package, and audited 1545 packages in 6s

261 packages are looking for funding
run npm fund for details

8 vulnerabilities (2 moderate, 6 high)

To address all issues (including breaking changes), run:
npm audit fix --force

Run npm audit for details.

Created git commit.

Success! Created mern-stack at C:\Users\LENOVO\Desktop\programing_Files\node_Files\learing_react\mern-stack
Inside that directory, you can run several commands:

npm start
Starts the development server.

npm run build
Bundles the app into static files for production.

npm test
Starts the test runner.

npm run eject
Removes this tool and copies build dependencies, configuration files
and scripts into the app directory. If you do this, you can’t go back!

We suggest that you begin by typing:

cd mern-stack
npm start

Happy hacking!

PS C:\> cd .\mern-stack
PS C:\mern-stack> npm fund
[email protected]
├─┬ https://github.com/chalk/chalk?sponsor=1
│ │ └── [email protected]
│ └── https://github.com/chalk/ansi-styles?sponsor=1
│ └── [email protected], [email protected], [email protected]
├── https://github.com/sponsors/jonschlinkert
│ └── [email protected]
├── https://github.com/sponsors/sibiraj-s
│ └── [email protected]
├── https://github.com/sponsors/ljharb
│ └── [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
├── https://opencollective.com/babel
│ └── @babel/[email protected]
├─┬ https://github.com/sponsors/gregberge
│ │ └── @svgr/[email protected], @svgr/[email protected], @svgr/[email protected], @svgr/[email protected], @svgr/[email protected], @svgr/[email protected], @svgr/[email protected], @svgr/[email protected], @svgr/[email protected], @svgr/[email protected], @svgr/[email protected], @svgr/[email protected], @svgr/[email protected], @svgr/[email protected]
│ └── https://opencollective.com/core-js
│ └── [email protected], [email protected], [email protected]
├── https://opencollective.com/browserslist
│ └── [email protected], [email protected], [email protected]
├── https://opencollective.com/webpack
│ └── [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
├─┬ https://opencollective.com/eslint
│ │ └── [email protected], @eslint/[email protected], [email protected], [email protected], [email protected]
│ ├── https://github.com/sponsors/nzakas
│ │ └── @humanwhocodes/[email protected]
│ └── https://github.com/sponsors/isaacs
│ └── [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
├─┬ https://opencollective.com/html-webpack-plugin
│ │ └── [email protected]
│ └── https://github.com/fb55/htmlparser2?sponsor=1
│ └── [email protected]
├── https://opencollective.com/postcss/
│ └── [email protected], [email protected], [email protected], [email protected], [email protected]
├─┬ https://opencollective.com/csstools
│ │ └── [email protected], @csstools/[email protected], @csstools/[email protected], @csstools/[email protected], @csstools/[email protected], @csstools/[email protected], @csstools/[email protected], @csstools/[email protected], @csstools/[email protected], @csstools/[email protected], @csstools/[email protected], @csstools/[email protected], @csstools/[email protected], @csstools/[email protected], @csstools/[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
│ └── https://ko-fi.com/mrcgrtz
│ └── [email protected]
├── https://github.com/sponsors/mdevils
│ └── [email protected]
├── https://github.com/chalk/supports-color?sponsor=1
│ └── [email protected]
├── https://github.com/avajs/find-cache-dir?sponsor=1
│ └── [email protected]
├── https://opencollective.com/typescript-eslint
│ └── @typescript-eslint/[email protected], @typescript-eslint/[email protected], @typescript-eslint/[email protected], @typescript-eslint/[email protected], @typescript-eslint/[email protected], @typescript-eslint/[email protected], @typescript-eslint/[email protected], @typescript-eslint/[email protected], @typescript-eslint/[email protected]
├── https://github.com/sindresorhus/emittery?sponsor=1
│ └── [email protected]
├── https://github.com/sindresorhus/execa?sponsor=1
│ └── [email protected]
├─┬ https://github.com/chalk/strip-ansi?sponsor=1
│ │ └── [email protected]
│ └── https://github.com/chalk/ansi-regex?sponsor=1
│ └── [email protected]
├── https://opencollective.com/immer
│ └── [email protected]
└── https://paulmillr.com/funding/
└── [email protected]

PS C:\mern-stack> npm install react-scripts@latest

up to date, audited 1545 packages in 4s

261 packages are looking for funding
run npm fund for details

8 vulnerabilities (2 moderate, 6 high)

To address all issues (including breaking changes), run:
npm audit fix --force

Run npm audit for details.
PS C:\mern-stack> npm audit

npm audit report

nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - GHSA-rp65-9cf3-cjxr
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/@svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of @svgr/webpack
Depends on vulnerable versions of resolve-url-loader
node_modules/react-scripts

postcss <8.4.31
Severity: moderate
PostCSS line return parsing error - GHSA-7fh5-64p2-3v2j
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/resolve-url-loader/node_modules/postcss
resolve-url-loader 0.0.1-experiment-postcss || 3.0.0-alpha.1 - 4.0.0
Depends on vulnerable versions of postcss
node_modules/resolve-url-loader

8 vulnerabilities (2 moderate, 6 high)

To address all issues (including breaking changes), run:
npm audit fix --force
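The audit report above is two dependency chains with one root advisory each: nth-check (GHSA-rp65-9cf3-cjxr, range `<2.0.1`) reached through css-select, svgo, @svgr/plugin-svgo and @svgr/webpack, and postcss (GHSA-7fh5-64p2-3v2j, range `<8.4.31`) reached through resolve-url-loader, both ending at react-scripts. The added example below (not code from the issue or from create-react-app) walks an `npm audit --json` report to extract exactly those root advisories, follows `effects` up to the direct dependency that pulls each one in, and derives a package.json `overrides` block that moves the vulnerable packages past the advisory range, as an alternative to `npm audit fix --force`, which would replace react-scripts with a breaking version. It assumes the npm 7+ JSON report shape (`auditReportVersion: 2`, entries with `via`, `effects`, `isDirect` and `nodes`); the sample report embedded in the block is constructed from the advisories printed above, not captured from a real run.

```javascript
// Added example, not part of the issue or of create-react-app.
// Assumption: npm 7+ `npm audit --json` shape ("auditReportVersion": 2). Each entry
// in `vulnerabilities` has `via` (advisory objects for the package's own advisories,
// or strings naming the vulnerable dependency it inherits from), `effects`
// (dependents made vulnerable by it) and `isDirect`.

// Constructed sample: a trimmed report mirroring the two chains in the issue.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'nth-check': {
      name: 'nth-check', severity: 'high', isDirect: false, range: '<2.0.1',
      via: [{ name: 'nth-check', severity: 'high', range: '<2.0.1',
              title: 'Inefficient Regular Expression Complexity in nth-check',
              url: 'https://github.com/advisories/GHSA-rp65-9cf3-cjxr' }],
      effects: ['css-select'], nodes: ['node_modules/svgo/node_modules/nth-check'],
    },
    'css-select': { name: 'css-select', severity: 'high', isDirect: false, range: '<=3.1.0',
                    via: ['nth-check'], effects: ['svgo'] },
    svgo: { name: 'svgo', severity: 'high', isDirect: false, range: '1.0.0 - 1.3.2',
            via: ['css-select'], effects: ['@svgr/plugin-svgo'] },
    '@svgr/plugin-svgo': { name: '@svgr/plugin-svgo', severity: 'high', isDirect: false,
                           range: '<=5.5.0', via: ['svgo'], effects: ['@svgr/webpack'] },
    '@svgr/webpack': { name: '@svgr/webpack', severity: 'high', isDirect: false,
                       range: '4.0.0 - 5.5.0', via: ['@svgr/plugin-svgo'], effects: ['react-scripts'] },
    postcss: {
      name: 'postcss', severity: 'moderate', isDirect: false, range: '<8.4.31',
      via: [{ name: 'postcss', severity: 'moderate', range: '<8.4.31',
              title: 'PostCSS line return parsing error',
              url: 'https://github.com/advisories/GHSA-7fh5-64p2-3v2j' }],
      effects: ['resolve-url-loader'], nodes: ['node_modules/resolve-url-loader/node_modules/postcss'],
    },
    'resolve-url-loader': { name: 'resolve-url-loader', severity: 'moderate', isDirect: false,
                            range: '0.0.1-experiment-postcss || 3.0.0-alpha.1 - 4.0.0',
                            via: ['postcss'], effects: ['react-scripts'] },
    'react-scripts': { name: 'react-scripts', severity: 'high', isDirect: true, range: '>=2.1.4',
                       via: ['@svgr/webpack', 'resolve-url-loader'], effects: [] },
  },
};

// Root advisories: entries whose `via` holds an advisory object rather than only
// the name of another vulnerable package. Everything else in the report is
// "depends on vulnerable versions of ..." noise derived from these.
function rootAdvisories(report) {
  const roots = [];
  for (const [pkg, entry] of Object.entries(report.vulnerabilities)) {
    for (const via of entry.via) {
      if (via && typeof via === 'object') {
        roots.push({
          package: pkg,
          severity: via.severity,
          range: via.range,
          advisory: via.url.split('/').pop(), // GHSA id from the advisory URL
          nodes: entry.nodes || [],
        });
      }
    }
  }
  return roots;
}

// Follow `effects` upward until the direct dependencies that pull the package in.
function directDependents(report, pkg, seen = new Set()) {
  if (seen.has(pkg)) return [];
  seen.add(pkg);
  const entry = report.vulnerabilities[pkg];
  if (!entry) return [];
  if (entry.isDirect) return [pkg];
  const found = entry.effects.flatMap((dep) => directDependents(report, dep, seen));
  return [...new Set(found)];
}

// Derive "overrides": an advisory range of the form "<X" becomes ">=X".
// Other range shapes are returned as unresolved for manual handling.
function overridesFor(report) {
  const overrides = {};
  const unresolved = [];
  for (const root of rootAdvisories(report)) {
    const m = /^<(\S+)$/.exec(root.range);
    if (m) overrides[root.package] = `>=${m[1]}`;
    else unresolved.push(root.package);
  }
  return { overrides, unresolved };
}

// Stand-alone run: the summary to read before editing package.json.
for (const root of rootAdvisories(SAMPLE_REPORT)) {
  console.log(`${root.severity.padEnd(8)} ${root.advisory} ${root.package} ${root.range}` +
              ` via ${directDependents(SAMPLE_REPORT, root.package).join(', ')}`);
}
console.log(JSON.stringify(overridesFor(SAMPLE_REPORT), null, 2));
```

To use it on a real project, run `npm audit --json > audit.json` and pass `JSON.parse(fs.readFileSync('audit.json', 'utf8'))` in place of the constructed sample. Paste the resulting `overrides` object into package.json, run `npm install`, then `npm audit` again and confirm `npm run build` still succeeds, since an override forces a version the intermediate package did not declare. One caveat worth keeping in mind when triaging this report: both chains end in webpack loaders (@svgr/webpack, resolve-url-loader) that run only at build time under react-scripts, so neither nth-check nor postcss ships in the bundle that `npm run build` produces; the audit severity describes the build tooling, not the deployed app.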
