I have been trying to create a React app using npx.
- At first it said "create-react-app" is no longer supported (problem solved, I managed to generate an operating React app with a template).
- Then it started throwing warnings (deprecated files). I managed to fix some of them but not all of them.

My question is: should I use the React app even with the high severity vulnerabilities, or not use the React app, because it will be used by my teammates as well?
Here is an overview in my terminal: vulnerabilities
While those warnings can matter for front-end apps and I suggest checking if they affect you, they're mainly designed for Node.js apps.
In the meantime, the co-author of Redux and create-react-app, Dan Abramov, explained these warnings here: https://github.com/facebook/create-react-app/issues/11174
TLDR: npm audit is broken for front-end tooling by design

npm audit is designed for Node apps so it flags issues that can occur when you run actual Node code in production. That is categorically not how Create React App works.
Yes, unfortunately that's how npm works since v6. You can bring it up with npm. If enough people complain, maybe they'll rethink this decision. It is unfortunately actively hostile to build tooling.
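
An added example, not part of the original answer or of create-react-app: one way to see which `npm audit` findings touch code outside the build tooling is to compare the `nodes` paths in `npm audit --json` output with the `dev` flags in `package-lock.json`. It assumes the npm 7+ report and lockfile formats and that build tooling is declared under `devDependencies`; the data and package names below are constructed.

```javascript
// Added example. Lockfile and audit report are constructed; package names are hypothetical.
const sampleLock = { // package-lock.json, lockfileVersion 3 "packages" map
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/example-runtime-lib": { version: "1.2.0" },
    "node_modules/example-shared-util": { version: "2.0.0" },
    "node_modules/example-build-tool": { version: "4.0.0", dev: true },
    "node_modules/example-build-tool/node_modules/example-shared-util": { version: "1.0.0", dev: true },
    "node_modules/example-glob-helper": { version: "0.3.1", dev: true },
  },
};

const sampleAudit = { // shape of `npm audit --json`, auditReportVersion 2
  auditReportVersion: 2,
  vulnerabilities: {
    "example-glob-helper": { severity: "high", nodes: ["node_modules/example-glob-helper"] },
    "example-shared-util": {
      severity: "moderate",
      nodes: [
        "node_modules/example-shared-util",
        "node_modules/example-build-tool/node_modules/example-shared-util",
      ],
    },
    "example-stale-pkg": { severity: "high", nodes: ["node_modules/example-stale-pkg"] },
  },
};

// Classify each finding by where its installed copies sit in the lockfile.
function triageAudit(audit, lock) {
  const out = { runtime: [], buildOnly: [], unknown: [] };
  const packages = lock.packages || {};
  for (const [name, vuln] of Object.entries(audit.vulnerabilities || {})) {
    const entries = (vuln.nodes || []).map((path) => packages[path]);
    let bucket = "runtime"; // default: at least one copy is not dev-only
    if (entries.length === 0 || entries.includes(undefined)) {
      bucket = "unknown"; // report and lockfile disagree: do not downgrade
    } else if (entries.every((e) => e.dev === true)) {
      bucket = "buildOnly"; // every copy is reachable only through devDependencies
    }
    out[bucket].push(`${name} (${vuln.severity})`);
  }
  return out;
}

console.log(triageAudit(sampleAudit, sampleLock));
```

Findings in the `buildOnly` bucket are the ones the quoted explanation is about; `runtime` and `unknown` findings still need a normal review.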