Discuss Scratch

mybearworld
Scratcher
1000+ posts

npm audit fix does the same thing as npm audit

I have no idea why but it just fixed itself.

I know this is not the correct place to ask but I don't know where else, so…

When I run `npm audit`, it tells me:

```
22 vulnerabilities (5 moderate, 13 high, 4 critical)

To address all issues, run:
  npm audit fix
```

So naturally, I run `npm audit fix`. But `npm audit fix` just gives me the exact same output! Reinstalling node.js didn't help. Does anyone know why that could be?

Last edited by mybearworld (May 9, 2023 15:21:53)
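
Added example, not part of the thread: a Node.js function that sorts the entries of an `npm audit --json` report by their `fixAvailable` field, which separates findings that plain `npm audit fix` can update from those that need `--force` or have no fix at all. The sample report and its package names are constructed, and `triageAudit` is a hypothetical helper name.

```javascript
// Constructed sample in the shape of `npm audit --json` output (npm 7+,
// auditReportVersion 2). Package names and versions are made up.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": { severity: "high", isDirect: false, fixAvailable: true },
    "example-builder": {
      severity: "critical", isDirect: true,
      fixAvailable: { name: "example-builder", version: "5.0.0", isSemVerMajor: true },
    },
    "example-regex": { severity: "moderate", isDirect: false, fixAvailable: false },
  },
};

// triageAudit is a hypothetical helper: it groups findings by what it takes
// to resolve them, based on each entry's `fixAvailable` field.
function triageAudit(report) {
  const buckets = { autoFix: [], needsForce: [], noFix: [] };
  for (const [name, vuln] of Object.entries(report.vulnerabilities || {})) {
    const entry = { name, severity: vuln.severity, direct: Boolean(vuln.isDirect) };
    const fix = vuln.fixAvailable;
    if (fix === true) {
      // An update inside the declared version ranges exists: `npm audit fix`.
      buckets.autoFix.push(entry);
    } else if (fix && typeof fix === "object") {
      // The fix installs a version outside the declared range, so plain
      // `npm audit fix` skips it; npm only applies it with `--force`.
      entry.install = `${fix.name}@${fix.version}`;
      entry.breaking = Boolean(fix.isSemVerMajor);
      buckets.needsForce.push(entry);
    } else {
      // npm found no version that resolves it; no npm command changes this.
      buckets.noFix.push(entry);
    }
  }
  return buckets;
}

// Findings outside autoFix are still listed after `npm audit fix` has run.
const result = triageAudit(sampleReport);
for (const [bucket, entries] of Object.entries(result)) {
  console.log(bucket, entries.map((e) => `${e.name} (${e.severity})`).join(", ") || "-");
}
```

To run it on a real project, replace `sampleReport` with the parsed output of `npm audit --json`.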

ajskateboarder
Scratcher
1000+ posts

`npm audit` doesn't really do much anyway

Last edited by ajskateboarder (May 9, 2023 14:19:39)

mybearworld
Scratcher
1000+ posts

ajskateboarder wrote:

> (#2)
> `npm audit` doesn't really do much anyway

I know, and that's why it's a bit of a problem when `npm audit fix` does exactly the same thing

bigspeedfpv
Scratcher
500+ posts

using npm audit is bad practice for front end projects because it was never intended to audit frontend libraries
also, why are you using npm skull emoji

mybearworld
Scratcher
1000+ posts

bigspeedfpv wrote:

> (#4)
> using npm audit is bad practice for front end projects because it was never intended to audit frontend libraries
> also, why are you using npm skull emoji

Installing a module told me I have 22 vulnerabilities, so I used it. Also, because literally everything uses NPM?

uwv
Scratcher
1000+ posts

mybearworld wrote:

> (#5)
> Also, because literally everything uses NPM?

use yarn or pnpm, they both fetch repos from npm but are much faster

ajskateboarder
Scratcher
1000+ posts

uwv wrote:

> mybearworld wrote:
>
> > (#5)
> > Also, because literally everything uses NPM?
>
> use yarn or pnpm, they both fetch repos from npm but are much faster

Exactly

bigspeedfpv
Scratcher
500+ posts

mybearworld wrote:

> bigspeedfpv wrote:
>
> > (#4)
> > using npm audit is bad practice for front end projects because it was never intended to audit frontend libraries
> > also, why are you using npm skull emoji
>
> Installing a module told me I have 22 vulnerabilities, so I used it. Also, because literally everything uses NPM?

audit is pretty much useless. there's a reason better package managers (pnpm, yarn, yarn berry) don't implement the same functionality.

speaking of - check out yarn and pnpm
`corepack enable`
`pnpm install`
it will change your life, they're so much better than npm

mybearworld
Scratcher
1000+ posts

bigspeedfpv wrote:

> mybearworld wrote:
>
> > bigspeedfpv wrote:
> >
> > > (#4)
> > > using npm audit is bad practice for front end projects because it was never intended to audit frontend libraries
> > > also, why are you using npm skull emoji
> >
> > Installing a module told me I have 22 vulnerabilities, so I used it. Also, because literally everything uses NPM?
>
> audit is pretty much useless. there's a reason better package managers (pnpm, yarn, yarn berry) don't implement the same functionality.
>
> speaking of - check out yarn and pnpm
> `corepack enable`
> `pnpm install`
> it will change your life, they're so much better than npm

Sure, but I want to use the packages of npm, not of yarn or pnpm. I see how npm audit is useless, though, it was lots of RegExp DoS for me as well.

NFlex23
Scratcher
1000+ posts

mybearworld wrote:

> bigspeedfpv wrote:
>
> > mybearworld wrote:
> >
> > > bigspeedfpv wrote:
> > >
> > > > (#4)
> > > > using npm audit is bad practice for front end projects because it was never intended to audit frontend libraries
> > > > also, why are you using npm skull emoji
> > >
> > > Installing a module told me I have 22 vulnerabilities, so I used it. Also, because literally everything uses NPM?
> >
> > audit is pretty much useless. there's a reason better package managers (pnpm, yarn, yarn berry) don't implement the same functionality.
> >
> > speaking of - check out yarn and pnpm
> > `corepack enable`
> > `pnpm install`
> > it will change your life, they're so much better than npm
>
> Sure, but I want to use the packages of npm, not of yarn or pnpm. I see how npm audit is useless, though, it was lots of RegExp DoS for me as well.

Yarn and PNPM use the exact same package registry as NPM.

MagicCrayon9342
Scratcher
1000+ posts

pnpm causes problems.

bigspeedfpv
Scratcher
500+ posts

MagicCrayon9342 wrote:

> pnpm causes problems.

this is a skill issue (you can disable pnpm's package flattening so its node_modules layout is identical to NPM)