WSL-2 npm audit issues when using npx create-strapi-app

mwoodpatrick · May 15, 2021, 12:08am

System Information

Strapi Version: 3.6.1
Operating System: windows - wsl2
Database: sqllite3 5.0.0
Node Version: v14.16.1
NPM Version: 6.14.12

I am trying to use strapi on wsl2 when I do “npm audit” it reports “found 52 vulnerabilities (7 moderate, 45 high) in 1669 scanned packages”. I run “npm audit fix” but the issues remain is this expected? I tried running npm update but it did not help. For example the version of property-expr is I have is 1.5.1 and “npm audit” reports “Prototype Pollution in property-expr” (npm) this is fixed in 2.0.3 and the latest version is 2.0.4. is there a reason why the package file created by “npx create-strapi-app” is specifying such old versions? Any suggestions on how I can fix or debug this?

dengruns · May 15, 2021, 7:01am

I’ve the same question. I’m new to Strapi. And for me this is a blocker if I want to use it in a production environment.

mwoodpatrick · May 24, 2021, 1:18am

I tried creating a strapi app on Ubuntu 20 on Digital Ocean and saw the same issue

found 51 vulnerabilities (7 moderate, 44 high) in 1666 scanned packages
51 vulnerabilities require manual review. See the full report for details.

Is anyone else concerned about/working on this?