When creating a new project under create-react-app
, you get warnings straight away regarding a vulnerability found in postcss
.
Issue reported by npm: https://www.npmjs.com/advisories/1693
Related open issues can be found here:
The issue has been patched on postcss v8.2.10
, but it's still present when creating new projects as react-scripts
hasn't upgraded the dependency yet.
So, my problem here is I can no longer run builds as they fail due to the vulnerability.
Since I can't wait for them to get it patched before to keep working on my stuff (they seem to be aware of it since a year ago), is there some workaround that could be applied to solve it?
I tried adding a postcss
resolution on package.json
:
"resolutions": {
"postcss": "^8.2.10"
},
but that didn't land me far.
Any idea?
This article helped me.
https://www.npmjs.com/package/npm-force-resolutions.
To use resolutions you wrote you should force them by adding this script in package.json
"scripts": {
"preinstall": "npx npm-force-resolutions"
}
after that run npm install
and it should overwrite all nested dependencies
Anyway it will not work due many dependencies. Good news is that support for postcss 8 is already merged and probably will be released soon https://github.com/facebook/create-react-app/issues/9664