Force dependency selectively
One of our dependencies' dependencies has a vulnerability. How can I force a version bump of the vulnerable dependency to avoid being exposed?
The first thing I try is running npm audit and seeing if it has advice on how to try fixing it. For example, my package currently has one warning with this advice:
# Run npm update handlebars --depth 7 to resolve 1 vulnerability
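
A way to confirm that such an update reached every nested copy, added here as an example and not part of the original post: the script walks a tree shaped like `npm ls handlebars --json` output and lists the copies still older than a fixed version. The sample tree, the package names other than handlebars, all version numbers and the `4.5.0` threshold are constructed placeholders.

```javascript
// Constructed sample shaped like `npm ls handlebars --json` output
// (nested "dependencies" objects, each with a "version"). Package names
// other than handlebars, and all versions, are made up for illustration.
const sampleTree = {
  dependencies: {
    'report-builder': { version: '2.3.0', dependencies: {
      'template-kit': { version: '0.9.1', dependencies: {
        handlebars: { version: '4.0.5' } } } } },
    'mail-helper': { version: '1.1.0', dependencies: {
      handlebars: { version: '4.9.9' } } },
  },
};

// Walk the tree and collect every dependency chain that ends at `target`.
// Direct dependencies count as depth 0, as in `npm ls --depth=0`.
function findPaths(node, target, chain = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const next = chain.concat(name);
    if (name === target) {
      hits.push({ chain: next.join(' > '), version: dep.version, depth: next.length - 1 });
    }
    hits.push(...findPaths(dep, target, next));
  }
  return hits;
}

// Simplified x.y.z comparison; pre-release tags are ignored.
function isBelow(version, minimum) {
  const a = version.split('-')[0].split('.').map(Number);
  const b = minimum.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// Copies of `target` that are still older than the first fixed version.
function stillVulnerable(tree, target, fixedIn) {
  return findPaths(tree, target).filter((hit) => isBelow(hit.version, fixedIn));
}

// '4.5.0' is a placeholder for the fixed version named in the advisory.
console.log(stillVulnerable(sampleTree, 'handlebars', '4.5.0'));
```

An empty result after the update means no copy below the threshold is left in the tree; any remaining entry shows the chain of parents that still pins the old version.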