┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.5 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-native-cached-image │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ react-native-cached-image > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 11 vulnerabilities (2 low, 8 moderate, 1 high) in 26316 scanned packages
11 vulnerabilities require manual review. See the full report for details.
This shows up when I try to npm install, and all of them required manual review. I've tried to visit this to check for more info and apparently it's because my lodash is of version 4.17.4. So I've then run npm install --save lodash@4.17.5 and checked my package.json to make sure it's reflecting correctly.
However, it seems the vulnerabilities are still there. Wondering if I fixed it the wrong way?
As requested, the body of package.json:
"dependencies": {
"lodash": "^4.17.5"
}
You can solve it with https://github.com/rogeriochaves/npm-force-resolutions
1) add a resolutions section
"resolutions": {
"lodash": "^4.17.5"
}
2) run
rm -r node_modules
npx npm-force-resolutions
npm install
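The reason the audit warning survives the top-level upgrade is that npm keeps a second, nested copy of lodash under react-native-cached-image, and that copy is still 4.17.4. The following script, which is an added example and not code from the question, the answer or the npm-force-resolutions project, walks a package-lock.json and lists every copy of a package whose version is below the patched one, so you can confirm whether a forced resolution actually took effect. The lock file contents are constructed here to mirror the audit output above; the react-native-cached-image version and the simple major.minor.patch version parsing are assumptions.

```javascript
// Added example: find every copy of a package in package-lock.json that is
// below a patched version. Handles lockfileVersion 1 (nested "dependencies"
// tree) and lockfileVersion 2/3 (flat "packages" map keyed by on-disk path).
// Assumption: versions are plain major.minor.patch with no prerelease tag.

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric comparison so that 4.17.10 sorts after 4.17.5 (a string compare would not).
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// lockfileVersion 1: each entry may carry its own nested "dependencies" map,
// which is exactly where a duplicated older copy of a package lives.
function collectV1(deps, name, trail, out) {
  for (const [depName, entry] of Object.entries(deps || {})) {
    const here = [...trail, depName];
    if (depName === name) out.push({ path: here.join(' > '), version: entry.version });
    collectV1(entry.dependencies, name, here, out);
  }
}

// lockfileVersion 2/3: keys look like
// "node_modules/react-native-cached-image/node_modules/lodash".
function collectV2(packages, name, out) {
  for (const [key, entry] of Object.entries(packages || {})) {
    if (key === '') continue; // the root project entry
    const segments = key.split('node_modules/').filter(Boolean).map(s => s.replace(/\/$/, ''));
    if (segments[segments.length - 1] === name) {
      out.push({ path: segments.join(' > '), version: entry.version });
    }
  }
}

// Returns [{ path, version }] for every copy of `name` older than `patchedVersion`.
// The path uses the same "a > b" notation as the npm audit report.
function findOutdatedCopies(lock, name, patchedVersion) {
  const copies = [];
  if (lock.lockfileVersion >= 2 && lock.packages) collectV2(lock.packages, name, copies);
  else collectV1(lock.dependencies, name, [], copies);
  return copies.filter(c => compareVersions(c.version, patchedVersion) < 0);
}

// Constructed sample lock files (not real project data). The top-level lodash is
// patched, but react-native-cached-image still pins its own nested 4.17.4 copy.
const sampleLockV1 = {
  name: 'my-app', version: '1.0.0', lockfileVersion: 1,
  dependencies: {
    lodash: { version: '4.17.5' },
    'react-native-cached-image': {
      version: '0.0.0', // placeholder version, constructed for the example
      requires: { lodash: '4.17.4' },
      dependencies: { lodash: { version: '4.17.4' } },
    },
  },
};

const sampleLockV2 = {
  name: 'my-app', version: '1.0.0', lockfileVersion: 2,
  packages: {
    '': { dependencies: { lodash: '^4.17.5', 'react-native-cached-image': '0.0.0' } },
    'node_modules/lodash': { version: '4.17.5' },
    'node_modules/react-native-cached-image': { version: '0.0.0' },
    'node_modules/react-native-cached-image/node_modules/lodash': { version: '4.17.4' },
  },
};

// Run against the constructed data; reports "react-native-cached-image > lodash" @ 4.17.4.
const stale = findOutdatedCopies(sampleLockV1, 'lodash', '4.17.5');
for (const c of stale) console.log(`${c.path} is still at ${c.version}`);
```

To run it against a real project, replace the constructed object with `JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8'))`. An empty result after `npx npm-force-resolutions` and `npm install` means the nested copy was rewritten; a non-empty one means the resolution was not applied and npm audit will keep reporting the same path.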