Updating packages (npm)

So I ran npm audit and it listed all of my dependency vulnerabilities.

One was lodash, with the suggestion:

npm update lodash --depth 9 to resolve 253 vulnerabilities

But running that didn’t make any difference to the number of vulnerabilities :man_shrugging:

I’ve not got a clue why though?

What version of NodeJs/NPM do you have installed?

node -v

npm -v

It seems like there was a bug with this in some versions.


Did you run npm audit fix?

If you can and it doesn’t break anything for you, you can always delete the node_modules folder and package-lock.json file and do a fresh npm i.

Interesting - node v12.16.3 and npm 6.9.0, so I had a brief look and it looks like I might have that problem.

In the end I installed npm-check-update and npm-check and used those to update the packages - but that’s really useful to know, thanks

My problems are by no means solved - I’ve been having some real weird behaviour around just that (removing node_modules and package-lock) - but I’m getting there slowly, thanks. I just need to update my webpack loaders - which I’m dreading :no_mouth:

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.