Closed
Description
Hi, I am learning react and when I use whats called new method ( npx install -g create-react-app (then name of app))
instead of using (npm install -g create-react-app).
I was following a website that said to stop using it one way and to start using the npx version way.
I uninstalled react by using ( npm uninstall -g create-react-app ) then I used ( npx install -g create-react-app (then name of app))
I get an ERR message saying I have vulnerabilities. As shown in the picture below.
I am using NODE v16.3.0, npm v7.16.0
I was following THIS page....
.
And THIS is the ERR I got back when following the website.....
.
.
-
- How do I solve this problem ??
-
- Also how do I install react globally so I can use it in all my upcoming projects as Im learning react ??
Thanks for reading :)
Activity
pierre-H commentedon Jun 15, 2021
See #11092
RobFosterNYC commentedon Jun 15, 2021
Thank you @pierre-H <3
cmacdonnacha commentedon Jun 15, 2021
This is becoming a big issue and there's been no communication from the team on this.
KrishnanSriram commentedon Jun 15, 2021
react-scripts is the problem-maker
96 vulnerabilities (85 moderate, 11 high)
All our production release are now stopped
cmacdonnacha commentedon Jun 16, 2021
Is there a way for us to update these dependencies ourselves without having to wait for
react-scripts? There's currently a high sev vulnerability on normalize-urlgaearon commentedon Jul 2, 2021
These warnings are false positives. There are no actual vulnerabilities affecting your app here.
To fix
npm auditwarnings, movereact-scriptsfromdependenciestodevDependenciesin yourpackage.json.That will remove the false positive warnings.
I agree with the point in #11102 and will make this change so that new projects don't keep having these false positive warnings.
If you want to discuss this, please comment in #11102.
gaearon commentedon Jul 2, 2021
Please see #11174.