Super Sale
Limited Time 50% OFF for All-Access Plans
Save 50% Now
Npm installation error
when i run npm install on laravel project on Metronic theme it show me this error
134 packages are looking for funding
run npm fund for details
14 moderate severity vulnerabilities
To address issues that do not require attention, run: npm audit fix
To address all issues possible (including breaking changes), run: npm audit fix --force
Some issues need review, and may require choosing a different dependency.
Run npm audit for details.
Replies (3)
Hi,
Could you please try to use "yarn" to install? At the moment, "npm install" have this kind of issue.
Install yarn if you don't have it.
npm install -g yarn
yarnThanks
it doesn't work
it show me now this error
fix available via npm audit fix
node_modules/npm/node_modules/cli-table3/node_modules/ansi-regex
node_modules/npm/node_modules/string-width/node_modules/ansi-regex
json-schema <0.4.0 Severity: moderate json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw fix available via `npm audit fix` node_modules/npm/node_modules/json-schema jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1 Depends on vulnerable versions of json-schema node_modules/npm/node_modules/jsprim nth-check <2.0.1 Severity: moderate Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr fix available via `npm audit fix --force` Will install webpack-rtl-plugin@1.3.0, which is a breaking change node_modules/webpack-rtl-plugin/node_modules/nth-check css-select <=3.1.0 Depends on vulnerable versions of nth-check node_modules/webpack-rtl-plugin/node_modules/css-select svgo 1.0.0 - 1.3.2 Depends on vulnerable versions of css-select node_modules/webpack-rtl-plugin/node_modules/svgo postcss-svgo 4.0.0-nightly.2020.1.9 - 5.0.0-rc.2 Depends on vulnerable versions of svgo node_modules/webpack-rtl-plugin/node_modules/postcss-svgo cssnano-preset-default <=4.0.8 Depends on vulnerable versions of postcss-svgo node_modules/webpack-rtl-plugin/node_modules/cssnano-preset-default cssnano 4.0.0-nightly.2020.1.9 - 4.1.11 Depends on vulnerable versions of cssnano-preset-default node_modules/webpack-rtl-plugin/node_modules/cssnano webpack-rtl-plugin * Depends on vulnerable versions of @romainberger/css-diff Depends on vulnerable versions of cssnano Depends on vulnerable versions of rtlcss node_modules/webpack-rtl-plugin postcss <7.0.36 Severity: moderate Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5 fix available via `npm audit fix --force` Will install webpack-rtl-plugin@1.3.0, which is a breaking change node_modules/@romainberger/css-diff/node_modules/postcss node_modules/webpack-rtl-plugin/node_modules/rtlcss/node_modules/postcss @romainberger/css-diff * Depends on vulnerable versions of postcss node_modules/@romainberger/css-diff webpack-rtl-plugin * Depends on vulnerable versions of @romainberger/css-diff Depends on vulnerable versions of cssnano Depends on vulnerable versions of rtlcss node_modules/webpack-rtl-plugin rtlcss <=2.6.2 Depends on vulnerable versions of postcss node_modules/webpack-rtl-plugin/node_modules/rtlcss quill <=1.3.7 Severity: moderate Cross-site Scripting in quill - https://github.com/advisories/GHSA-4943-9vgg-gr5r No fix available node_modules/quill 14 moderate severity vulnerabilities To address issues that do not require attention, run: npm audit fix To address all issues possible (including breaking changes), run: npm audit fix --force Some issues need review, and may require choosing a different dependency. sadeeqrahman@192 StanzaStore % npm install up to date in 724ms sadeeqrahman@192 StanzaStore % npm audit fix --force npm WARN using --force Recommended protections disabled. npm WARN audit fix ansi-regex@5.0.0 node_modules/npm/node_modules/cli-table3/node_modules/ansi-regex npm WARN audit fix ansi-regex@5.0.0 is a bundled dependency of npm WARN audit fix ansi-regex@5.0.0 npm@7.24.2 at node_modules/npm npm WARN audit fix ansi-regex@5.0.0 It cannot be fixed automatically. npm WARN audit fix ansi-regex@5.0.0 Check for updates to the npm package. npm WARN audit fix ansi-regex@3.0.0 node_modules/npm/node_modules/string-width/node_modules/ansi-regex npm WARN audit fix ansi-regex@3.0.0 is a bundled dependency of npm WARN audit fix ansi-regex@3.0.0 npm@7.24.2 at node_modules/npm npm WARN audit fix ansi-regex@3.0.0 It cannot be fixed automatically. npm WARN audit fix ansi-regex@3.0.0 Check for updates to the npm package. npm WARN audit fix json-schema@0.2.3 node_modules/npm/node_modules/json-schema npm WARN audit fix json-schema@0.2.3 is a bundled dependency of npm WARN audit fix json-schema@0.2.3 npm@7.24.2 at node_modules/npm npm WARN audit fix json-schema@0.2.3 It cannot be fixed automatically. npm WARN audit fix json-schema@0.2.3 Check for updates to the npm package. npm WARN audit fix jsprim@1.4.1 node_modules/npm/node_modules/jsprim npm WARN audit fix jsprim@1.4.1 is a bundled dependency of npm WARN audit fix jsprim@1.4.1 npm@7.24.2 at node_modules/npm npm WARN audit fix jsprim@1.4.1 It cannot be fixed automatically. npm WARN audit fix jsprim@1.4.1 Check for updates to the npm package. npm WARN audit No fix available for quill@<=1.3.7 npm WARN audit Updating webpack-rtl-plugin to 1.3.0,which is a SemVer major change. added 12 packages, removed 148 packages, changed 4 packages, and audited 1352 packages in 5s # npm audit report ansi-regex 3.0.0 || 5.0.0 Severity: moderate Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw fix available via `npm audit fix` node_modules/npm/node_modules/cli-table3/node_modules/ansi-regex node_modules/npm/node_modules/string-width/node_modules/ansi-regex json-schema <0.4.0 Severity: moderate json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw fix available via `npm audit fix` node_modules/npm/node_modules/json-schema jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1 Depends on vulnerable versions of json-schema node_modules/npm/node_modules/jsprim postcss <7.0.36 Severity: moderate Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5 fix available via `npm audit fix` node_modules/webpack-rtl-plugin/node_modules/postcss node_modules/webpack-rtl-plugin/node_modules/rtlcss/node_modules/postcss rtlcss <=2.6.2 Depends on vulnerable versions of postcss node_modules/webpack-rtl-plugin/node_modules/rtlcss webpack-rtl-plugin * Depends on vulnerable versions of postcss Depends on vulnerable versions of rtlcss node_modules/webpack-rtl-plugin quill <=1.3.7 Severity: moderate Cross-site Scripting in quill - https://github.com/advisories/GHSA-4943-9vgg-gr5r No fix available node_modules/quill 7 moderate severity vulnerabilities To address issues that do not require attention, run: npm audit fix Some issues need review, and may require choosing a different dependency.
Hi Sadeeq,
Could you please try to run this command?
npm audit fix --forceAfter you run the npm audit fix, there are only warnings on moderate severity vulnerabilities left. No critical issue. To fully fix this, we have to remove the dependencies plugins from package.json, but the application with be unusable. For example, the quill plugin. You may remove it if you are not using it.
Not all functions in the plugin have issues. You can check the link and view the discussion. The plugin's author will release the fixes later and we can install the patch soon.
Thanks
