Skip to content
GitLab
Open
Issue created by rwb196884@rwb196884

create-react-app: 6 high severity vulnerabilities

> npx create-react-app client
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.

Creating a new React app in C:\Work\Azure\repo\react\client.

Installing packages. This might take a couple of minutes.
Installing react, react-dom, and react-scripts with cra-template...


added 1417 packages in 5m

231 packages are looking for funding
  run `npm fund` for details
Git repo not initialized Error: Command failed: git --version
    at checkExecSyncError (node:child_process:828:11)
    at execSync (node:child_process:899:15)
    at tryGitInit (C:\Work\Azure\repo\react\client.\node_modules\react-scripts\scripts\init.js:46:5)
    at module.exports (C:\Work\Azure\repo\react\client.\node_modules\react-scripts\scripts\init.js:276:7)
    at [eval]:3:14
    at Script.runInThisContext (node:vm:129:12)
    at Object.runInThisContext (node:vm:305:38)
    at node:internal/process/execution:76:19
    at [eval]-wrapper:6:22 {
  status: 1,
  signal: null,
  output: [ null, null, null ],
  pid: 59908,
  stdout: null,
  stderr: null
}

Installing template dependencies using npm...

added 62 packages in 21s

231 packages are looking for funding
  run `npm fund` for details
Removing template package using npm...

removed 1 package, and audited 1479 packages in 5s

231 packages are looking for funding
  run `npm fund` for details

6 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

Success! Created fact-find at C:\Work\Azure\repo\react\client.
Inside that directory, you can run several commands:

  npm start
    Starts the development server.

  npm run build
    Bundles the app into static files for production.

  npm test
    Starts the test runner.

  npm run eject
    Removes this tool and copies build dependencies, configuration files
    and scripts into the app directory. If you do this, you can’t go back!

We suggest that you begin by typing:

  cd fact-find
  npm start

Happy hacking!

After running npm audit fix --force I end up with 75 vulnerabilities (13 low, 16 moderate, 42 high, 4 critical).

Seems a bit slipshod, no?