The npm community forum has been discontinued.
To discuss usage of npm, visit the GitHub Support Community.
Vulnerabilities problem using "npm install"
I have installed an express server using
express coserver command, then I used .npm install’ command to install other node packages/dependencies, but I got this result:
=== npm audit security report === Manual Review Some vulnerabilities require your attention to resolve Visit https://go.npm.me/audit-guide for additional guidance Low Incorrect Handling of Non-Boolean Comparisons During Minification Package uglify-js Patched in >= 2.4.24 Dependency of jade Path jade > transformers > uglify-js More info https://nodesecurity.io/advisories/39 Low Regular Expression Denial of Service Package uglify-js Patched in >=2.6.0 Dependency of jade Path jade > transformers > uglify-js More info https://nodesecurity.io/advisories/48 Critical Sandbox Bypass Leading to Arbitrary Code Execution Package constantinople Patched in >=3.1.1 Dependency of jade Path jade > constantinople More info https://nodesecurity.io/advisories/568 Low Regular Expression Denial of Service Package clean-css Patched in >=4.1.11 Dependency of jade Path jade > clean-css More info https://nodesecurity.io/advisories/785 found 4 vulnerabilities (3 low, 1 critical) in 194 scanned packages 4 vulnerabilities require manual review. See the full report for details.
node --version is
express --version is
4.16.1 and I use Windows 10. I don’t know if other information is needed to put here but let me know that if so.
(Moved topic to #support)