How to solve vulnerabilities in REACT JS - reactjs

I am an absolute beginner in React N/JS. I have been learning from several videos and tried creating an app using npx create-react-app *app name*. I made the same app before and it was running fine, but I started over with the same app after a couple of months and the terminal showed 58 vulnerabilities (16 moderate, 40 high, 2 critical).
At first, I fixed it by running the command npm i --package-lock-only, but then something happened and I had to reinstall VS Code, after which the vulnerabilities reappeared, and now neither npm audit fix, npm audit fix --force, nor npm i --package-lock-only is working.
As you can tell my technical terminologies are really weak, but I really hope I am making sense. Would really appreciate it if anyone could suggest me a solution!

It causes your node module's version to be different from your React version.
Be sure to check the recommended React version of the installed node module.

Related

Why is npm audit fix force not dealing with my react app vulnerabilities?

I have been trying to create a react app using npx.
- At first it said "create-react-app" is no longer supported (problem solved: I managed to generate an operating react app with a template).
- Then it started throwing warnings (deprecated files). I managed to fix some of them but not all of them.
The app was created but with 6 high severity vulnerabilities.
I ran an audit fix --force and it gave me 66 vulnerabilities. I ran the npm audit fix -force again and it gave me the old 6 vulnerabilities.
My question is should I use the react app even with the high severity vulnerabilities or not use the react app because it will be used by my teammates as well.
Here is an overview in my terminal:
While those warnings can matter for front-end apps and I suggest checking whether they affect you, they're mainly designed for Node.js apps.
In the meantime, the co-author of Redux and create-react-app, Dan Abramov, explained these warnings here: https://github.com/facebook/create-react-app/issues/11174
TLDR: npm audit is broken for front-end tooling by design
npm audit is designed for Node apps so it flags issues that can occur when you run actual Node code in production. That is categorically not how Create React App works.
But I still see these warnings when creating a new project or running npm install
Yes, unfortunately that's how npm works since v6. You can bring it up with npm. If enough people complain, maybe they'll rethink this decision. It is unfortunately actively hostile to build tooling.
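
The distinction drawn in the answer above (build tooling versus code that runs in production) can be checked against a project's own audit output. The following is an added example, not code from the original post or from create-react-app: it matches the `nodes` paths of an `npm audit --json` report against the `dev` flags in package-lock.json. All package names are constructed and the function name classifyAudit is hypothetical.

```javascript
'use strict';

// Constructed sample: the subset of `npm audit --json` (auditReportVersion 2)
// used here. Package names and severities are made up for illustration.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    'build-helper': { name: 'build-helper', severity: 'high',
      nodes: ['node_modules/build-helper'] },
    'tiny-parser': { name: 'tiny-parser', severity: 'critical',
      nodes: ['node_modules/tiny-parser', 'node_modules/build-helper/node_modules/tiny-parser'] },
    'old-logger': { name: 'old-logger', severity: 'moderate',
      nodes: ['node_modules/old-logger'] },
  },
};

// Constructed sample: the `packages` map of a package-lock.json (lockfileVersion 2 or 3).
// npm sets `dev: true` on entries reachable only through devDependencies.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/build-helper': { version: '1.0.0', dev: true },
    'node_modules/build-helper/node_modules/tiny-parser': { version: '0.9.0', dev: true },
    'node_modules/tiny-parser': { version: '1.2.0' },
    'node_modules/old-logger': { version: '2.1.0', dev: true },
  },
};

// Hypothetical helper: split audit findings into runtime and build-time-only groups.
function classifyAudit(report, lock) {
  const packages = lock.packages || {};
  const result = { runtime: [], devOnly: [] };
  for (const [name, vuln] of Object.entries(report.vulnerabilities || {})) {
    const nodes = vuln.nodes || [];
    // Installed copies missing from the lockfile or not flagged dev count as runtime.
    const runtimeNodes = nodes.filter((p) => !(packages[p] && packages[p].dev === true));
    const entry = { name, severity: vuln.severity, runtimeNodes };
    // A finding with no node paths cannot be shown to be dev-only, so it stays in runtime.
    if (nodes.length > 0 && runtimeNodes.length === 0) result.devOnly.push(entry);
    else result.runtime.push(entry);
  }
  return result;
}

const summary = classifyAudit(sampleReport, sampleLock);
console.log('review first (reachable from dependencies):', summary.runtime);
console.log('build-time only:', summary.devOnly.map((v) => `${v.name} (${v.severity})`));
```

To run it on a real project, replace the samples with the parsed output of `npm audit --json` and the project's package-lock.json. Build tooling only shows up as dev-only when it is listed under devDependencies.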

Unable to create a react app even after clearing severity vulnerabilities

I'm trying to create a webpage using Reactjs (for learning react js).
After I run the command npx create-react-app cars, I'm getting errors as follows:
npm WARN deprecated tar@2.2.2: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap.
added 64 packages, and audited 107 packages in 15s
3 high severity vulnerabilities
To address all issues, run:
npm audit fix
Run "npm audit" for details.
After running npm audit, it says:
To address all issues (including breaking changes), run: npm audit fix --force
which gave the result as:
found 0 vulnerabilities
After following all these steps, when I try to create a project starting from create-react-app I'm getting same errors like:
x high severity vulnerabilities to address all issues, run: npm audit
I don't understand what I'm missing here. With all of this I ended up creating 4 folders which have a subfolder node-modules and two JSON files named package and package-lock.
Can anybody please direct me on how to proceed with all of this?
npm version: 7.21.0
node version: v16.7.0
windows: 10
Below are the steps I followed to create my react environment and get rid of these warnings/errors:
As per this answer, I have uninstalled ByteFence since as I mentioned here in the comments that there a threat detection and
Used this command npm set audit false from this answer
Apart from these steps, I made sure that I have latest versions of Node and npm installed

Receiving error when creating new app using create react app

For some reason, when trying to create a new app using create react app, it results in errors every time. Anybody know what's going on?
Have you tried it without the additional --use-npm flags at the end?
npx create-react-app user-onboarding
cd user-onboarding
npm start
Official docs
Edit: Yeah, reading your errors in the screenshot it appears that the --use-npm flag is causing it to use npm which has outdated versions available, but npx always finds the newest versions. Which is a big reason it is the preferred method for installing create-react-app
If you have your heart set on using npm you can always do an npm update before running it again.

React/NPM dependency error on create-react-app project

I am trying to create a new project and I am running into an npm security issue.
First I created a new react app using the command npx create-react-app {app-name} and then changed the directory into that folder. I tried to run npm install (to update all packages), and I get this error:
found 2 vulnerabilities (1 low, 1 high) in 1643 scanned packages
2 vulnerabilities require manual review. See the full report for details.
I ran npm audit as instructed and the generated security report shows the following:
NPM AUDIT SECURITY REPORT
At first I thought I had maybe done something incorrectly during the setup; however, I went to a previous project in which there were no dependency errors or errors at all for that matter. I ran npm install in the directory of the react app, and sure enough, I got the same issues. Obviously this is going to be a big deal if it is happening to everyone, but in the event that someone is not running into this issue, are there any tips I could get to overcome this error?
Thanks!

Another React Native version mismatch

I'm getting a React Native version mismatch.
JavaScript version: 0.51.0
Native version: 0.52.0
I know there are others who have posted similar online but I simply don't understand what I need to do to resolve it, and as I'm supposed to avoid asking for help in other posts I am starting a new one!
I've closed Terminals and run build again as suggested elsewhere, considered changing Expo versions but unsure if I need to, and how. Anyone got a simply-to-explain solution?
Which version of what do I need to change?
Thanks
The issue of mismatch is related to the changing of your react-native version without properly updating peer dependencies and native projects.
If your project is using Expo, try following the upgrade guidelines here offered from Facebook.
Upgrading to new React Native versions
Found under.. "Create React Native App projects"
The document reference in will give you working mappings.
Once updated, run in your project root.
npm prune && npm install
# OR
yarn
Afterward start your app with your cache cleared.
npm start -- --reset-cache
# or
yarn start --reset-cache
