
Why am I getting 6 high severity vulnerabilities on using create-react-app?


This is what I have got!!

PS C:\My Files\Software Development\netflix-clone> npx create-react-app ./
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.

Creating a new React app in C:\My Files\Software Development\netflix-clone.

npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.
Installing packages. This might take a couple of minutes.
Installing react, react-dom, and react-scripts with cra-template...

npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.

added 1392 packages in 11m

194 packages are looking for funding
  run `npm fund` for details

Initialized a git repository.

Installing template dependencies using npm...
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.
npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-resolve#deprecated

added 52 packages in 9s

194 packages are looking for funding
  run `npm fund` for details
Removing template package using npm...

npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.

removed 1 package, and audited 1444 packages in 6s

194 packages are looking for funding
  run `npm fund` for details

6 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

Created git commit.

Success! Created netflix-clone at C:\My Files\Software Development\netflix-clone
Inside that directory, you can run several commands:

  npm start
    Starts the development server.

  npm run build
    Bundles the app into static files for production.

  npm test
    Starts the test runner.

  npm run eject
    Removes this tool and copies build dependencies, configuration files
    and scripts into the app directory. If you do this, you can’t go back!

We suggest that you begin by typing:

  cd C:\My Files\Software Development\netflix-clone
  npm start

Happy hacking!
PS C:\My Files\Software Development\netflix-clone>

This is what npm audit tells me!

PS C:\My Files\Software Development\netflix-clone> npm audit
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.
# npm audit report

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo
      @svgr/plugin-svgo  <=5.5.0
      Depends on vulnerable versions of svgo
      node_modules/@svgr/plugin-svgo
        @svgr/webpack  4.0.0 - 5.5.0
        Depends on vulnerable versions of @svgr/plugin-svgo
        node_modules/@svgr/webpack
          react-scripts  >=2.1.4
          Depends on vulnerable versions of @svgr/webpack
          node_modules/react-scripts

6 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force
PS C:\My Files\Software Development\netflix-clone>

Here is what npm audit fix does!

PS C:\My Files\Software Development\netflix-clone> npm audit fix
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.

up to date, audited 1444 packages in 6s

194 packages are looking for funding
  run `npm fund` for details

# npm audit report

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo
      @svgr/plugin-svgo  <=5.5.0
      Depends on vulnerable versions of svgo
      node_modules/@svgr/plugin-svgo
        @svgr/webpack  4.0.0 - 5.5.0
        Depends on vulnerable versions of @svgr/plugin-svgo
        node_modules/@svgr/webpack
          react-scripts  >=2.1.4
          Depends on vulnerable versions of @svgr/webpack
          node_modules/react-scripts

6 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force
PS C:\My Files\Software Development\netflix-clone>

On running npm audit fix --force, I end up getting even more vulnerabilities!

Thank You!!


Solution

  • Create React App was created by Dan Abramov. He's written an excellent article about the issues with npm audit in create-react-app. It's a good read and I learned a lot about packages, npm audit and create-react-app.

    https://overreacted.io/npm-audit-broken-by-design/

    TL;DR

    You can ignore these security vulnerabilities.
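As an added example (not part of the question or the answer above), here is a small triage script in the spirit of the linked article: it follows each advisory up its `effects` chain in `npm audit --json` output to the top-level package that pulls it in, so you can see that the whole chain in the question ends in react-scripts, a build-time tool, and that the only fix npm offers is a semver-major (breaking) upgrade. The JSON shape is that of npm 7+ audit output, the sample report is constructed from the chain shown in the question, and the fix version `X.Y.Z` is a placeholder.

```python
"""Triage an `npm audit --json` report by the top-level packages that pull
each advisory in, and flag chains that end only in build-time tooling."""
import json

# Constructed sample: the dependency chain from the question's audit report,
# in the npm 7+ `npm audit --json` shape (fix version is a placeholder).
CHAIN = [("nth-check", "<2.0.1"), ("css-select", "<=3.1.0"), ("svgo", "1.0.0 - 1.3.2"),
         ("@svgr/plugin-svgo", "<=5.5.0"), ("@svgr/webpack", "4.0.0 - 5.5.0"),
         ("react-scripts", ">=2.1.4")]
FIX = {"name": "react-scripts", "version": "X.Y.Z", "isSemVerMajor": True}
ADVISORY = {"title": "Inefficient Regular Expression Complexity in nth-check",
            "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr", "severity": "high"}

def _entry(i):
    name, rng = CHAIN[i]
    return {"name": name, "severity": "high", "isDirect": i == len(CHAIN) - 1,
            "via": [ADVISORY] if i == 0 else [CHAIN[i - 1][0]],   # advisory or parent
            "effects": [CHAIN[i + 1][0]] if i + 1 < len(CHAIN) else [],
            "range": rng, "fixAvailable": FIX}

SAMPLE_AUDIT = json.dumps({"vulnerabilities": {n: _entry(i) for i, (n, _) in enumerate(CHAIN)},
                           "metadata": {"vulnerabilities": {"high": 6, "total": 6}}})

def roots_of(vulns, name, seen=None):
    """Top-level packages (entries with no `effects`) reachable from `name`."""
    seen = set() if seen is None else seen
    if name in seen:
        return set()
    seen.add(name)
    effects = vulns[name].get("effects", [])
    if not effects:
        return {name}
    return set().union(*(roots_of(vulns, e, seen) for e in effects))

def triage(audit_json, build_tools=frozenset({"react-scripts"})):
    """Map each package carrying its own advisory to the roots that pull it in,
    whether those roots are all build-time tools, and whether the fix is breaking."""
    vulns = json.loads(audit_json)["vulnerabilities"]
    out = {}
    for name, v in vulns.items():
        advisories = [x for x in v.get("via", []) if isinstance(x, dict)]
        if not advisories:          # only transitively affected; no advisory of its own
            continue
        roots = roots_of(vulns, name)
        fix = v.get("fixAvailable")
        out[name] = {"roots": sorted(roots), "build_time_only": roots <= set(build_tools),
                     "breaking_fix": isinstance(fix, dict) and bool(fix.get("isSemVerMajor")),
                     "urls": [a["url"] for a in advisories]}
    return out

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_AUDIT), indent=2))
```

Run it against real output with `npm audit --json > audit.json` and pass the file contents to `triage`; `build_tools` is your own list of packages that never ship to the browser.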