
Diana Soriano
Python Development Techdegree Student 9,182 Points

I received an error in my terminal stating 6 vulnerabilities (1 low, 2 moderate, 3 high), Severity: high, fresh <0.5.2.

What does this mean? Shall I stop the installation?

2 Answers

Bella Bradbury
Web Development Techdegree Student 12,629 Points

Try running 'npm audit fix' in your terminal! This should resolve the issues.

Here is the link to the documentation if you'd like to read more on the subject: https://docs.npmjs.com/cli/v8/commands/npm-audit

Guillermo Gallo
Full Stack JavaScript Techdegree Student 8,490 Points

Hi Diana Soriano.

When you install dependencies for your projects, this means you are downloading code that other developers have created, and their code could have certain vulnerabilities or risks if it was not implemented properly or if you have an old version of the dependency installed.

What npm is telling you here is that it has scanned all of the dependencies that you have installed and has found that some of them have some vulnerabilities. These vulnerabilities could potentially put your website/project at risk if you decide to use these dependencies in their current state.

As Bella Bradbury pointed out, running the 'npm audit fix' command will instruct npm to try to fix these vulnerabilities automatically. However, there will not always be an automatic fix. Sometimes some manual intervention might be necessary, and other times you will have to determine if the risk is low compared to the advantage of using that particular dependency. Lastly, there will be times when the project you are working on requires an old version of a dependency, and therefore it cannot be updated even though it has a vulnerability.

Hope this makes it clearer for you.
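The triage Guillermo describes (auto-fixable, needs a breaking upgrade, or no fix published) can be read straight off the JSON form of the report. The script below is an added example, not code from the thread or from npm: it assumes the field names of the npm 7+ `npm audit --json` report (`auditReportVersion` 2, `severity`, `range`, `fixAvailable`), and the report it works on is constructed sample data, with only the "fresh <0.5.2" finding taken from the question.

```javascript
// Constructed sample in the shape of `npm audit --json` (npm 7+). Only the
// `fresh <0.5.2` entry comes from the question; the other two are made up.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    // Transitive dependency, in-range patch exists: `npm audit fix` handles it.
    fresh: { name: 'fresh', severity: 'high', isDirect: false, range: '<0.5.2', fixAvailable: true },
    // Fix only exists as a semver-major bump of a direct dependency (hypothetical package):
    // `npm audit fix` will not apply it; review the upgrade and test before forcing it.
    'example-web': { name: 'example-web', severity: 'moderate', isDirect: true, range: '<2.0.0',
      fixAvailable: { name: 'example-web', version: '2.0.0', isSemVerMajor: true } },
    // No fixed version published (hypothetical package): accept the risk knowingly or replace it.
    'example-util': { name: 'example-util', severity: 'low', isDirect: false, range: '*', fixAvailable: false },
  },
};

const SEVERITY_ORDER = ['info', 'low', 'moderate', 'high', 'critical'];

// Map one finding to the action the answer describes.
function triage(vuln) {
  const fix = vuln.fixAvailable;
  if (fix === true) return 'auto-fix';                 // plain `npm audit fix` resolves it
  if (fix && fix.isSemVerMajor) return 'manual-major'; // breaking upgrade: needs a human decision
  if (fix) return 'auto-fix';                          // top-level change, but within semver range
  return 'no-fix';                                     // nothing to update to; risk-accept or swap
}

// Produce the "N vulnerabilities (x low, y moderate, ...)" line npm prints,
// plus the findings grouped by required action.
function summarize(report) {
  const counts = {};
  const actions = { 'auto-fix': [], 'manual-major': [], 'no-fix': [] };
  for (const v of Object.values(report.vulnerabilities || {})) {
    counts[v.severity] = (counts[v.severity] || 0) + 1;
    actions[triage(v)].push(`${v.name} ${v.range}`);
  }
  const total = Object.values(counts).reduce((a, b) => a + b, 0);
  const parts = SEVERITY_ORDER.filter((s) => counts[s]).map((s) => `${counts[s]} ${s}`);
  return { total, line: `${total} vulnerabilities (${parts.join(', ')})`, actions };
}

const summary = summarize(sampleReport);
console.log(summary.line);
for (const [action, list] of Object.entries(summary.actions)) {
  console.log(`${action}: ${list.join(', ') || '(none)'}`);
}
```

To run it on a real project, save `npm audit --json` to a file and pass the parsed JSON to `summarize` instead of `sampleReport`.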