PS C:\xampp\htdocs\creative_tim\notus_react_admin> npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating postcss to 2.2.19,which is outside your stated dependency range.
npm WARN audit Updating react-scripts to 5.0.1,which is a SemVer major change.
npm WARN audit Updating tailwindcss to 2.2.19,which is outside your stated dependency range.
npm WARN audit Updating gulp to 3.9.1,which is a SemVer major change.
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/postcss
npm WARN peer postcss@"^8.1.0" from [email protected]
npm WARN node_modules/autoprefixer
npm WARN peer autoprefixer@"^10.0.2" from [email protected]
npm WARN node_modules/tailwindcss
npm WARN 1 more (the root project)
npm WARN 5 more (postcss-js, postcss-safe-parser, purgecss, tailwindcss, the root project)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer postcss@"^8.1.0" from [email protected]
npm WARN node_modules/autoprefixer
npm WARN peer autoprefixer@"^10.0.2" from [email protected]
npm WARN node_modules/tailwindcss
npm WARN 1 more (the root project)
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: peer postcss@"^8.0.9" from [email protected]
npm WARN node_modules/tailwindcss
npm WARN tailwindcss@"2.2.19" from the root project
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer postcss@"^8.0.9" from [email protected]
npm WARN node_modules/tailwindcss
npm WARN tailwindcss@"2.2.19" from the root project
npm WARN
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/postcss
npm WARN peer postcss@"^8.0.9" from [email protected]
npm WARN node_modules/tailwindcss
npm WARN tailwindcss@"2.2.19" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: peer postcss@"^8.2.14" from [email protected]
npm WARN node_modules/tailwindcss/node_modules/postcss-nested
npm WARN postcss-nested@"5.0.6" from [email protected]
npm WARN node_modules/tailwindcss
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer postcss@"^8.2.14" from [email protected]
npm WARN node_modules/tailwindcss/node_modules/postcss-nested
npm WARN postcss-nested@"5.0.6" from [email protected]
npm WARN node_modules/tailwindcss
npm WARN deprecated [email protected]: This module relies on Node.js's internals and will break at some point. Do not use it, and update to [email protected].
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated [email protected]: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated [email protected]: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
added 375 packages, removed 860 packages, changed 245 packages, and audited 1735 packages in 28s
207 packages are looking for funding
run npm fund
for details
npm audit report
lodash <=4.17.20
Severity: critical
Prototype Pollution in lodash - GHSA-jf85-cpcp-j695
Prototype Pollution in lodash - GHSA-4xc9-xhrj-v574
Prototype Pollution in lodash - GHSA-fvqr-27wr-82fm
Command Injection in lodash - GHSA-35jh-r3h4-6jhm
Regular Expression Denial of Service (ReDoS) in lodash - GHSA-29mw-wpgm-hmr9
Regular Expression Denial of Service (ReDoS) in lodash - GHSA-x5rq-j2xg-h7qm
Prototype Pollution in lodash - GHSA-p6mc-m468-83gw
fix available via npm audit fix
node_modules/globule/node_modules/lodash
globule <=1.1.0
Depends on vulnerable versions of glob
Depends on vulnerable versions of lodash
Depends on vulnerable versions of minimatch
node_modules/globule
gaze 0.4.0 - 1.0.0
Depends on vulnerable versions of globule
node_modules/gaze
glob-watcher <=2.0.0
Depends on vulnerable versions of gaze
node_modules/glob-watcher
lodash.template <4.5.0
Severity: critical
Prototype Pollution in lodash - GHSA-jf85-cpcp-j695
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/lodash.template
gulp-util >=1.1.0
Depends on vulnerable versions of lodash.template
node_modules/gulp-util
gulp 2.6.1 - 3.9.1
Depends on vulnerable versions of gulp-util
Depends on vulnerable versions of vinyl-fs
node_modules/gulp
minimatch <3.0.2
Severity: high
Regular Expression Denial of Service in minimatch - GHSA-hxm2-r34f-qmc5
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/glob-stream/node_modules/minimatch
node_modules/globule/node_modules/minimatch
glob 3.0.0 - 5.0.14
Depends on vulnerable versions of minimatch
node_modules/glob-stream/node_modules/glob
node_modules/globule/node_modules/glob
glob-stream 0.2.0 - 5.2.0
Depends on vulnerable versions of glob
Depends on vulnerable versions of minimatch
node_modules/glob-stream
vinyl-fs <=1.0.0
Depends on vulnerable versions of glob-stream
Depends on vulnerable versions of glob-watcher
node_modules/vinyl-fs
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - GHSA-rp65-9cf3-cjxr
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/@svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of @svgr/webpack
node_modules/react-scripts
17 vulnerabilities (13 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force