Skip to content
GitLab
Closed
Issue created by Administrator@rootContributor

npm audit vulnerability : react-scripts > webpack-dev-server > yargs > yargs-parser

Created by: sonikamah

while running npm audit , I am getting the below error for 'react-scripts' (1 low vulnerability ), could you please help me ?

  • Below I have added my package.json.

  • Error is for : "react-scripts > webpack-dev-server > yargs > yargs-parser"

npm audit

                   === npm audit security report ===


                             Manual Review
         Some vulnerabilities require your attention to resolve

      Visit https://go.npm.me/audit-guide for additional guidance

Low Prototype Pollution

Package yargs-parser

Patched in >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2

Dependency of react-scripts

Path react-scripts > webpack-dev-server > yargs > yargs-parser

More info https://npmjs.com/advisories/1500

package.json -> dependencies

"dependencies": { "react": "^16.12.0", "react-dom": "^16.12.0", "react-router-dom": "^5.1.2", "react-scripts": "3.4.0", "reactstrap": "^8.4.1" },