Fixing Security Vulnerabilities in NPM Packages

Direct dependencies

To fix a vulnerability in a direct dependency, use the npm audit fix command:

npm audit fix

Or, if you have Dependabot enabled, it will automatically create a pull request to update the dependency.

Peer dependencies

To fix a vulnerability in a peer dependency, use the overrides field in package.json to pin the peer dependency to a version that is not vulnerable. For example, to fix a vulnerability in the nth-check package, add the following to package.json:

"overrides": {
  "nth-check": "^2.0.1"
}

Or, using the "." key (the form to use when you also want to override nth-check's own nested dependencies), to correct the version at any depth:

"overrides": {
  "nth-check": {
    ".": "^2.0.1"
  }
}
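An override only helps if every copy of the package actually resolved to the patched range, so it is worth checking the lockfile after running npm install. The following is an added example, not code from the original page: it walks the "packages" map of a package-lock.json (lockfile version 2 or 3), lists every installed copy of a package at any depth, and flags copies outside a caret range. The lockfile contents, the helper names and the minimal caret check (used so the script runs offline without the semver package) are all constructed for this example.

```javascript
// Parse "MAJOR.MINOR.PATCH" into numbers; ignores any prerelease/build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Minimal caret semantics: ^X.Y.Z allows >= X.Y.Z and < X+1.0.0 when X > 0,
// < 0.Y+1.0 when X == 0 and Y > 0, and only 0.0.Z when X == Y == 0.
function satisfiesCaret(version, range) {
  if (!range.startsWith('^')) throw new Error('only caret ranges are supported here');
  const have = parseVersion(version);
  const [x, y, z] = parseVersion(range.slice(1));
  const cmp = (p, q) => p[0] - q[0] || p[1] - q[1] || p[2] - q[2];
  if (cmp(have, [x, y, z]) < 0) return false;
  const upper = x > 0 ? [x + 1, 0, 0] : y > 0 ? [0, y + 1, 0] : [0, 0, z + 1];
  return cmp(have, upper) < 0;
}

// Every installed copy of `name`, including ones nested under other packages.
// Lockfile paths look like "node_modules/a/node_modules/b", so the package
// name is whatever follows the last "node_modules/" (scoped names included).
function findInstalled(lock, name) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project entry
    if (path.split('node_modules/').pop() === name) hits.push({ path, version: entry.version });
  }
  return hits;
}

// Copies that still fall outside the override's range, i.e. the override did not take.
function unresolvedCopies(lock, name, range) {
  return findInstalled(lock, name).filter((h) => !satisfiesCaret(h.version, range));
}

// Constructed sample lockfile: the top-level copy was updated by the override,
// but a copy nested under svgo is still on the vulnerable 1.x line.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', dependencies: { 'css-select': '^4.1.3' } },
    'node_modules/nth-check': { version: '2.0.1' },
    'node_modules/svgo/node_modules/nth-check': { version: '1.0.2' },
  },
};

console.log(unresolvedCopies(SAMPLE_LOCK, 'nth-check', '^2.0.1'));
```

Note that the overrides field is honoured by npm 8.3 and later; on a real project, load package-lock.json with JSON.parse(fs.readFileSync(...)) in place of SAMPLE_LOCK.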