Angular project: Encountering three moderate npm vulnerabilities

Angular project installing axios shows three moderate npm vulnerabilities. Neither npm audit nor npm audit fix resolves the issue.

$ npm secure-check
Package: [email protected]
Severity: moderate
Fix: run npm secure-fix

I experienced a similar issue when trying to resolve moderate vulnerabilities in an Angular project using axios. In my case, I found that instead of directly using npm audit fix, reviewing the package’s GitHub issues and security advisories provided more insight. I had to update axios to a more recent version, sometimes by adjusting the version constraint manually in package.json or package-lock.json. Even though the vulnerability was reported as moderate, ensuring all dependencies are up-to-date was crucial. Additionally, I confirmed that the fix resolved the vulnerability by running a thorough npm audit afterwards.

I’ve encountered similar issues in my Angular projects, especially when some vulnerabilities are flagged after installing new packages like axios. In one case, I had to dive into the dependency tree to pinpoint which package was truly causing the moderate vulnerabilities. I found that not only updating the direct dependency but also checking for transitive dependency updates was crucial. After manually reviewing each critical package and updating version constraints where necessary, I re-ran npm audit, which eventually cleared the issues. This approach helped me resolve the vulnerabilities and improved overall project stability.
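The answer above talks about diving into the dependency tree to find which package is "truly causing" the moderate findings. The following is an added example, not code from this thread and not part of npm: it walks the JSON that `npm audit --json` emits (npm 7+ report format, where each entry's `via` holds either advisory objects or the names of other flagged packages, and `effects` lists who depends on it) to separate the packages that actually carry an advisory from the ones flagged only because they depend on one, and to follow `effects` up to the direct dependency you would have to bump. The report content, every package name other than axios, and the advisory numbers and URLs are constructed for illustration.

```javascript
// Added example (not from any answer above, not npm's own code): find the root
// packages behind an `npm audit --json` report and the direct dependencies that
// pull them in. The report below is constructed; all names except axios, and
// all advisory ids/URLs, are hypothetical.
const auditReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "hypothetical-parser": {
      name: "hypothetical-parser", severity: "moderate", isDirect: false,
      via: [{ source: 1001, name: "hypothetical-parser", title: "Constructed advisory A",
              url: "https://example.invalid/advisories/1001", severity: "moderate", range: "<1.5.0" }],
      effects: ["axios"], range: "<1.5.0", nodes: ["node_modules/hypothetical-parser"],
      fixAvailable: { name: "axios", version: "1.6.0", isSemVerMajor: true },
    },
    axios: {
      name: "axios", severity: "moderate", isDirect: true,
      via: ["hypothetical-parser"], effects: [], range: "<=0.21.4",
      nodes: ["node_modules/axios"],
      fixAvailable: { name: "axios", version: "1.6.0", isSemVerMajor: true },
    },
    "hypothetical-tokenizer": {
      name: "hypothetical-tokenizer", severity: "moderate", isDirect: false,
      via: [{ source: 1002, name: "hypothetical-tokenizer", title: "Constructed advisory B",
              url: "https://example.invalid/advisories/1002", severity: "moderate", range: "<3.2.1" }],
      effects: ["hypothetical-bundler"], range: "<3.2.1",
      nodes: ["node_modules/hypothetical-tokenizer"], fixAvailable: true,
    },
    "hypothetical-bundler": {
      name: "hypothetical-bundler", severity: "moderate", isDirect: false,
      via: ["hypothetical-tokenizer"], effects: ["hypothetical-dev-tool"], range: "<2.0.0",
      nodes: ["node_modules/hypothetical-bundler"], fixAvailable: true,
    },
    "hypothetical-dev-tool": {
      name: "hypothetical-dev-tool", severity: "moderate", isDirect: true,
      via: ["hypothetical-bundler"], effects: [], range: "<=4.1.0",
      nodes: ["node_modules/hypothetical-dev-tool"], fixAvailable: true,
    },
  },
};

// Follow `effects` edges upward until packages declared in package.json
// (isDirect) are reached; `seen` guards against cycles in the report.
function directDependentsOf(vulns, name, seen = new Set()) {
  const entry = vulns[name];
  if (!entry || seen.has(name)) return [];
  seen.add(name);
  if (entry.isDirect) return [name];
  const found = new Set();
  for (const dependent of entry.effects) {
    for (const direct of directDependentsOf(vulns, dependent, seen)) found.add(direct);
  }
  return [...found].sort();
}

// A package is a root cause only if its `via` contains an advisory object;
// entries whose `via` holds only package names are flagged transitively.
function rootCauses(report) {
  const vulns = report.vulnerabilities;
  const roots = [];
  for (const entry of Object.values(vulns)) {
    const advisories = entry.via.filter((v) => typeof v === "object");
    if (advisories.length === 0) continue;
    const fix = entry.fixAvailable; // true, false, or an object describing the bump
    roots.push({
      package: entry.name,
      severity: entry.severity,
      vulnerableRange: entry.range,
      advisories: advisories.map((a) => `${a.title} (${a.url})`),
      directDependents: directDependentsOf(vulns, entry.name),
      // `npm audit fix` only applies fixes inside the declared semver range; a
      // fix marked isSemVerMajor needs `npm audit fix --force` or a manual bump.
      needsForce: typeof fix === "object" && fix.isSemVerMajor === true,
      fixable: fix !== false,
    });
  }
  return roots.sort((a, b) => a.package.localeCompare(b.package));
}

console.log(JSON.stringify(rootCauses(auditReport), null, 2));
```

Run it against a real report with `npm audit --json > audit.json` and swap the constructed object for `require("./audit.json")`. The `needsForce` flag is the practical bit: when the only available fix is a semver-major bump of the direct dependency (the axios case above), plain `npm audit fix` will leave the finding in place, which matches the behaviour the question describes.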

Hey, I had this problem too. Eventually I updated non-Angular deps manually. I checked repo threads and used a forced upgrade, which fixed it. Try that route and see if it cleans up your vuln issues.

In addressing npm vulnerabilities in Angular projects, my experience involved a more comprehensive approach than just running npm audit fix. I began by removing the node_modules directory and regenerating the package-lock file to ensure all packages were rebuilt and referenced the latest resolved versions. I then checked each dependency’s repository for any pending issues or security patches, which often revealed that a transitive dependency was at fault. This process of cleaning and re-installing helped update all packages effectively. A subsequent npm audit confirmed that the vulnerabilities were resolved, ensuring project stability.

I encountered a similar issue in a project where upgrading axios directly didn’t fully address the concerns raised by npm audit. In my case, I took a different approach by using the npm-force-resolutions package. I added a resolutions field to my package.json and specified the required version fixes for the transitive dependencies. After deleting the node_modules directory and running a fresh install, I rechecked with npm audit. This process ensured that even indirectly linked vulnerabilities were patched, and the security issues were completely resolved.
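The answer above pins transitive dependencies with a resolutions field and npm-force-resolutions. What follows is an added example, not the npm-force-resolutions source and not code from this thread: it emulates the effect a resolutions entry has on package-lock.json (every copy of the named package, however deeply nested, is set to the pinned version and its `resolved`/`integrity` fields dropped so npm re-fetches it), handles both the path-keyed `packages` map and the legacy nested `dependencies` tree that npm 7/8 write into a lockfileVersion 2 file, and then checks that no copy below the fixed version is left. The lockfile, the package `hypothetical-parser`, the versions and the registry URLs are all constructed.

```javascript
// Added example (not npm-force-resolutions itself, not from any answer above):
// apply a "resolutions" pin to every copy of a package in a lockfile and verify
// that nothing below the fixed version remains. All data below is constructed.
const resolutions = { "hypothetical-parser": "1.5.0" }; // the pin added to package.json

// Constructed lockfileVersion 2 file with a nested duplicate of the package.
const lockfile = {
  name: "my-angular-app",
  lockfileVersion: 2,
  packages: {
    "": { dependencies: { axios: "^0.21.1" } },
    "node_modules/axios": { version: "0.21.1", dependencies: { "hypothetical-parser": "^1.4.0" } },
    "node_modules/axios/node_modules/hypothetical-parser": {
      version: "1.4.0",
      resolved: "https://registry.example.invalid/hypothetical-parser-1.4.0.tgz",
      integrity: "sha512-constructed-hash-a",
    },
    "node_modules/hypothetical-parser": {
      version: "1.2.0",
      resolved: "https://registry.example.invalid/hypothetical-parser-1.2.0.tgz",
      integrity: "sha512-constructed-hash-b",
    },
  },
  dependencies: {
    axios: {
      version: "0.21.1",
      dependencies: {
        "hypothetical-parser": { version: "1.4.0", resolved: "https://registry.example.invalid/hypothetical-parser-1.4.0.tgz", integrity: "sha512-constructed-hash-a" },
      },
    },
    "hypothetical-parser": { version: "1.2.0", resolved: "https://registry.example.invalid/hypothetical-parser-1.2.0.tgz", integrity: "sha512-constructed-hash-b" },
  },
};

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; the root entry "" maps to "".
function packageNameFromPath(p) {
  const i = p.lastIndexOf("node_modules/");
  return i === -1 ? p : p.slice(i + "node_modules/".length);
}

function pinEntry(entry, version, changes, where) {
  if (entry.version === version) return;
  changes.push({ where, from: entry.version, to: version });
  entry.version = version;
  delete entry.resolved;   // the old tarball URL and hash would no longer match,
  delete entry.integrity;  // so npm has to re-resolve this entry on install
}

// Returns a rewritten copy of the lock plus a list of what was changed.
function applyResolutions(lock, pins) {
  const out = JSON.parse(JSON.stringify(lock)); // leave the caller's object untouched
  const changes = [];
  for (const [path, entry] of Object.entries(out.packages || {})) {
    const name = packageNameFromPath(path);
    if (pins[name]) pinEntry(entry, pins[name], changes, path);
  }
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const where = prefix ? `${prefix} > ${name}` : name;
      if (pins[name]) pinEntry(entry, pins[name], changes, where);
      walk(entry.dependencies, where);
    }
  };
  walk(out.dependencies, "");
  return { lock: out, changes };
}

// Numeric x.y.z comparison; enough for the pins used here (no pre-release tags).
function lessThan(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i];
  return false;
}

// Paths of every copy of `name` in the lock that is still below `fixedIn`.
function vulnerableCopies(lock, name, fixedIn) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (packageNameFromPath(path) === name && lessThan(entry.version, fixedIn)) hits.push(path);
  }
  return hits;
}

const result = applyResolutions(lockfile, resolutions);
console.log(result.changes);
console.log("still vulnerable:", vulnerableCopies(result.lock, "hypothetical-parser", "1.5.0"));
```

Two caveats worth keeping in mind with this approach. The pin lives only in the lockfile: axios in the example still declares `^1.4.0`, so a later install that regenerates the lock without the override re-introduces the old version, which is why npm-force-resolutions is normally wired in as a `preinstall` script. And forcing a version the dependent package was never tested against can break it, so run the application's test suite after the install, not just `npm audit`. On npm 8.3 and later the same effect is available without the extra package through the built-in `overrides` field in package.json.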