npm 6.12.1 has high severity vulnerability
When installing npm@6.12.1 (latest), npm audit flags the “https-proxy-agent” package as a high severity vulnerability.
Even though the “make-fetch-happen” package has fixed its versioning, the fix hasn’t yet made its way to an npm release.
When can we expect an npm release with this vulnerability resolved?
What I Wanted to Do
I wanted to install the “npm” package and not have any dependencies flagged.
What Happened Instead
npm audit flagged 21 high severity vulnerabilities, all of which were the same package.
- mkdir repro && cd repro
- npm init
- npm install --save-dev npm@latest
EDIT: updated to reflect the vulnerability still being in 6.12.1