WSL-2 npm audit issues when using npx create-strapi-app

System Information
  • Strapi Version: 3.6.1
  • Operating System: windows - wsl2
  • Database: sqllite3 5.0.0
  • Node Version: v14.16.1
  • NPM Version: 6.14.12

I am trying to use strapi on wsl2 when I do “npm audit” it reports “found 52 vulnerabilities (7 moderate, 45 high) in 1669 scanned packages”. I run “npm audit fix” but the issues remain is this expected? I tried running npm update but it did not help. For example the version of property-expr is I have is 1.5.1 and “npm audit” reports “Prototype Pollution in property-expr” (npm) this is fixed in 2.0.3 and the latest version is 2.0.4. is there a reason why the package file created by “npx create-strapi-app” is specifying such old versions? Any suggestions on how I can fix or debug this?

1 Like

I’ve the same question. I’m new to Strapi. And for me this is a blocker if I want to use it in a production environment.

I tried creating a strapi app on Ubuntu 20 on Digital Ocean and saw the same issue

found 51 vulnerabilities (7 moderate, 44 high) in 1666 scanned packages
51 vulnerabilities require manual review. See the full report for details.

Is anyone else concerned about/working on this?