New Metronic Docs!Added Integration Docs with Starter Kits Apps for Laravel, Laravel Livewire, Angular, Vue, Symfony, Blazor Server, Django & Flask & more
Browse Docs 
Npm installation error
when i run npm install on laravel project on Metronic theme it show me this error
134 packages are looking for funding
run `npm fund` for details
14 moderate severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
Replies (3)
Hi,
Could you please try to use "yarn" to install? At the moment, "npm install" have this kind of issue.
Install yarn if you don't have it.
npm install -g yarn
yarnThanks
it doesn't work
it show me now this error
fix available via `npm audit fix`
node_modules/npm/node_modules/cli-table3/node_modules/ansi-regex
node_modules/npm/node_modules/string-width/node_modules/ansi-regex
json-schema <0.4.0
Severity: moderate
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/npm/node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/npm/node_modules/jsprim
nth-check <2.0.1
Severity: moderate
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install webpack-rtl-plugin@1.3.0, which is a breaking change
node_modules/webpack-rtl-plugin/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/webpack-rtl-plugin/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/webpack-rtl-plugin/node_modules/svgo
postcss-svgo 4.0.0-nightly.2020.1.9 - 5.0.0-rc.2
Depends on vulnerable versions of svgo
node_modules/webpack-rtl-plugin/node_modules/postcss-svgo
cssnano-preset-default <=4.0.8
Depends on vulnerable versions of postcss-svgo
node_modules/webpack-rtl-plugin/node_modules/cssnano-preset-default
cssnano 4.0.0-nightly.2020.1.9 - 4.1.11
Depends on vulnerable versions of cssnano-preset-default
node_modules/webpack-rtl-plugin/node_modules/cssnano
webpack-rtl-plugin *
Depends on vulnerable versions of @romainberger/css-diff
Depends on vulnerable versions of cssnano
Depends on vulnerable versions of rtlcss
node_modules/webpack-rtl-plugin
postcss <7.0.36
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
fix available via `npm audit fix --force`
Will install webpack-rtl-plugin@1.3.0, which is a breaking change
node_modules/@romainberger/css-diff/node_modules/postcss
node_modules/webpack-rtl-plugin/node_modules/rtlcss/node_modules/postcss
@romainberger/css-diff *
Depends on vulnerable versions of postcss
node_modules/@romainberger/css-diff
webpack-rtl-plugin *
Depends on vulnerable versions of @romainberger/css-diff
Depends on vulnerable versions of cssnano
Depends on vulnerable versions of rtlcss
node_modules/webpack-rtl-plugin
rtlcss <=2.6.2
Depends on vulnerable versions of postcss
node_modules/webpack-rtl-plugin/node_modules/rtlcss
quill <=1.3.7
Severity: moderate
Cross-site Scripting in quill - https://github.com/advisories/GHSA-4943-9vgg-gr5r
No fix available
node_modules/quill
14 moderate severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
sadeeqrahman@192 StanzaStore % npm install
up to date in 724ms
sadeeqrahman@192 StanzaStore % npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit fix ansi-regex@5.0.0 node_modules/npm/node_modules/cli-table3/node_modules/ansi-regex
npm WARN audit fix ansi-regex@5.0.0 is a bundled dependency of
npm WARN audit fix ansi-regex@5.0.0 npm@7.24.2 at node_modules/npm
npm WARN audit fix ansi-regex@5.0.0 It cannot be fixed automatically.
npm WARN audit fix ansi-regex@5.0.0 Check for updates to the npm package.
npm WARN audit fix ansi-regex@3.0.0 node_modules/npm/node_modules/string-width/node_modules/ansi-regex
npm WARN audit fix ansi-regex@3.0.0 is a bundled dependency of
npm WARN audit fix ansi-regex@3.0.0 npm@7.24.2 at node_modules/npm
npm WARN audit fix ansi-regex@3.0.0 It cannot be fixed automatically.
npm WARN audit fix ansi-regex@3.0.0 Check for updates to the npm package.
npm WARN audit fix json-schema@0.2.3 node_modules/npm/node_modules/json-schema
npm WARN audit fix json-schema@0.2.3 is a bundled dependency of
npm WARN audit fix json-schema@0.2.3 npm@7.24.2 at node_modules/npm
npm WARN audit fix json-schema@0.2.3 It cannot be fixed automatically.
npm WARN audit fix json-schema@0.2.3 Check for updates to the npm package.
npm WARN audit fix jsprim@1.4.1 node_modules/npm/node_modules/jsprim
npm WARN audit fix jsprim@1.4.1 is a bundled dependency of
npm WARN audit fix jsprim@1.4.1 npm@7.24.2 at node_modules/npm
npm WARN audit fix jsprim@1.4.1 It cannot be fixed automatically.
npm WARN audit fix jsprim@1.4.1 Check for updates to the npm package.
npm WARN audit No fix available for quill@<=1.3.7
npm WARN audit Updating webpack-rtl-plugin to 1.3.0,which is a SemVer major change.
added 12 packages, removed 148 packages, changed 4 packages, and audited 1352 packages in 5s
# npm audit report
ansi-regex 3.0.0 || 5.0.0
Severity: moderate
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/npm/node_modules/cli-table3/node_modules/ansi-regex
node_modules/npm/node_modules/string-width/node_modules/ansi-regex
json-schema <0.4.0
Severity: moderate
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/npm/node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/npm/node_modules/jsprim
postcss <7.0.36
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
fix available via `npm audit fix`
node_modules/webpack-rtl-plugin/node_modules/postcss
node_modules/webpack-rtl-plugin/node_modules/rtlcss/node_modules/postcss
rtlcss <=2.6.2
Depends on vulnerable versions of postcss
node_modules/webpack-rtl-plugin/node_modules/rtlcss
webpack-rtl-plugin *
Depends on vulnerable versions of postcss
Depends on vulnerable versions of rtlcss
node_modules/webpack-rtl-plugin
quill <=1.3.7
Severity: moderate
Cross-site Scripting in quill - https://github.com/advisories/GHSA-4943-9vgg-gr5r
No fix available
node_modules/quill
7 moderate severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
Some issues need review, and may require choosing
a different dependency.Hi Sadeeq,
Could you please try to run this command?
npm audit fix --forceAfter you run the npm audit fix, there are only warnings on moderate severity vulnerabilities left. No critical issue. To fully fix this, we have to remove the dependencies plugins from package.json, but the application with be unusable. For example, the quill plugin. You may remove it if you are not using it.
Not all functions in the plugin have issues. You can check the link and view the discussion. The plugin's author will release the fixes later and we can install the patch soon.
Thanks
