Search code examples
securitynpmminimist

Moderate severity vulnerabilities due to minimist

I'm running into a huge number of vulnerabilities. There are 583 vulnerabilities all associated with the package minimist

enter image description here

My package.json is as such:

{
  "name": "weather-wizard",
  "version": "0.1.0",
  "private": true,
  "proxy": "http://localhost:5000",
  "dependencies": {
    "@testing-library/jest-dom": "^4.2.4",
    "@testing-library/react": "^9.4.1",
    "@testing-library/user-event": "^7.2.1",
    "axios": "^0.19.2",
    "chart.js": "^2.9.3",
    "eslint-plugin-flowtype": "^3.13.0",
    "minimist": "^1.2.5",
    "moment": "^2.24.0",
    "node-sass": "^4.13.1",
    "react": "^16.13.0",
    "react-animated-weather": "^4.0.0",
    "react-chartjs-2": "^2.9.0",
    "react-dom": "^16.13.0",
    "react-places-autocomplete": "^7.2.1",
    "react-scripts": "3.4.0",
    "typescript": "^3.8.3"
  },
  "scripts": {
    "start": "react-scripts start",
    "build": "react-scripts build",
    "test": "react-scripts test",
    "eject": "react-scripts eject"
  },
  "eslintConfig": {
    "extends": "react-app"
  },
  "browserslist": {
    "production": [
      ">0.2%",
      "not dead",
      "not op_mini all"
    ],
    "development": [
      "last 1 chrome version",
      "last 1 firefox version",
      "last 1 safari version"
    ]
  }
}

What is the best way to manage these vulnerabilities?

Solution

  • When you see some issue like this, you need to first check on the github repository if they are already notified and create an issue so they can fix it soon.

    They are taking care of this in the following issue: https://github.com/facebook/create-react-app/issues/8672