npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

npm audit recommends nonexistent package

When I run npm audit in my codebase with gulp@3.9.1 installed, I get 5 vulnerabilities. The recommended action is ‘npm install --save-dev gulp@4.0.0’. If I go to https://www.npmjs.com/package/gulp, the latest version is 3.9.1.


The version does exist, as can be seen in the Versions tab of the package. It’s just that the version isn’t labelled latest but next, which makes the other version show up in place in the summary.