Search code examples
node.jsnpmsemantic-versioningnpm-auditnpm-vulnerabilities

I cant Fix NPM vulnerabilities

I don't know much about npm and I need to fix this problem:

# npm audit report

semver  <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
No fix available
node_modules/@babel/core/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/@babel/helper-create-class-features-plugin/node_modules/semver
  @babel/core  *
  Depends on vulnerable versions of @babel/helper-compilation-targets
  Depends on vulnerable versions of semver
  node_modules/@babel/core
    @babel/helper-compilation-targets  *
    Depends on vulnerable versions of @babel/core
    Depends on vulnerable versions of semver
    node_modules/@babel/helper-compilation-targets
    @babel/helper-create-class-features-plugin  *
    Depends on vulnerable versions of @babel/core
    Depends on vulnerable versions of semver
    node_modules/@babel/helper-create-class-features-plugin
      @babel/plugin-transform-typescript  >=7.21.4-esm
      Depends on vulnerable versions of @babel/helper-create-class-features-plugin
      node_modules/@babel/plugin-transform-typescript
        @babel/preset-typescript  >=7.22.5
        Depends on vulnerable versions of @babel/plugin-transform-typescript
        node_modules/@babel/preset-typescript
    babel-plugin-jsx-dom-expressions  >=0.33.12
    Depends on vulnerable versions of @babel/core
    node_modules/babel-plugin-jsx-dom-expressions
      babel-preset-solid  0.17.0-beta.0 - 0.17.0-beta.3 || >=1.4.6
      Depends on vulnerable versions of @babel/core
      Depends on vulnerable versions of babel-plugin-jsx-dom-expressions
      node_modules/babel-preset-solid
        vite-plugin-solid  *
        Depends on vulnerable versions of @babel/core
        Depends on vulnerable versions of babel-preset-solid
        node_modules/vite-plugin-solid

9 moderate severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

Some issues need review, and may require choosing
a different dependency.

I removed the "node_modules" folder and "package-lock.json" file and then I ran npm install, but it didn't work.

I also tried to run npm audit fix, and I installed an older "semver" version but they didn't work either.

Solution

  • Try add this code in package.json

    "overrides": {
    "semver": "~7.5.2"
  }