I’ve just started a React project using npx create-react-app project. This installs all the relevant files and dependencies required for a react project but there were some vulnerabilities identified :
162 vulnerabilities (1 low, 122 moderate, 36 high, 3 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
However, upon running npm audit fix --force they still raised the following:
8 vulnerabilities (2 moderate, 6 high)
To address all issues (including breaking changes), run:
npm audit fix --force
Upon running npm audit fix --force again, I’m right back to where I’m started, with:
162 vulnerabilities (1 low, 122 moderate, 36 high, 3 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Is there a way to permanently remove all vulnerabilities or do I just have to live with 8 vulnerabilities instead of 162?
P.S.: I currently have Node.js v21.1.0 and npm v10.2.0. And this project is supposed to be a e-commerce website for an actual business that will have to handle payments so preferably, I don’t want it to break due to some vulnerabilities if I could help it.