Tips for resolving the npm glob-parent dilemma

Vulnerability in glob-parent <5.1.2 Detected
Severity Level: moderate
Description: Regular expression denial of service - More information at https://npmjs.com/advisories/1751
Resolution: fix available through `npm audit fix`
Affected Package: node_modules/watchpack-chokidar2/node_modules/glob-parent
  Affected Versions: chokidar 1.0.0-rc1 - 2.1.8
  Dependency: vulnerable versions of glob-parent
  Nested Dependency: node_modules/watchpack-chokidar2/node_modules/chokidar
    Affected Module: watchpack-chokidar2 
    Dependency: vulnerable versions of chokidar
    Nested Dependency: node_modules/watchpack-chokidar2
      Affected Module: watchpack
      Dependency: vulnerable versions of watchpack-chokidar2
      Nested Dependency: node_modules/watchpack

Recently installed cookie-parser through cmd. I have identified 4 moderate vulnerabilities as mentioned above. The version of my glob-parent currently is 7.19.1 Running 'npm audit' and 'npm audit fix' did not resolve the issue. What steps should I take to address this?

Answer №1

To make necessary changes in your package.json file, follow these steps:

"preinstall": "npx npm-force-resolutions"

Next, include the following code snippet below the scripts section:

"resolutions": {
   "glob-parent": "^6.0.1"
}

Note that there is a possibility of older version dependent packages breaking due to the update to version 6.0.1.

Answer №2

I am the individual responsible for implementing the solution for the issue with glob-parent that was successfully incorporated into

<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="92f5fefdf0bfe2f3e0f7fce6d2a7bca3bca0">[email protected]</a>
. There are multiple approaches to resolving this situation.

The first option entails upgrading from watchpack version 1 to watchpack version 2. Version 2 of watchpack does not rely on a susceptible version of glob-parent. Regrettably, the watchpack repository does not contain a CHANGELOG file, necessitating an alternative method for identifying pertinent modifications. It may be possible to rely on thorough test coverage or opt to use watchpack version 2 from the outset if your project is relatively new.

The second option involves determining whether watchpack is solely a development dependency and not utilized by the user-facing aspect of your application. In such cases, the warning may be disregarded, although I do not advise this approach. It is important to note that npm audit alerts can sometimes be misleading.

The third alternative is to apply the fix for the vulnerable glob-parent using the provided solution. However, caution must be exercised, as a thorough understanding of how npm functions is essential to prevent inadvertently undoing the fix. Therefore, this option is not recommended.

If feasible, upgrading to version 2.x of watchpack is the recommended course of action.

Answer №3

To fix the problem at hand, apply the specified overrides below

 "overrides": {
    "chokidar": "3.5.3",
    "glob-parent": "6.0.2"
  }

Insert the above code snippet into your package.json file and run npm update

Answer №4

To resolve the issue, simply update the dependencies for chokidar in your project:

npm install chokidar@latest --save-dev

If that doesn't solve the problem, consider updating glob-parent to the latest version. First, check the version you currently have installed:

npm list glob-parent

Then, update to the latest version:

npm install glob-parent@latest

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Obtaining the clicked element within a functional component in React

I'm having trouble in React because I am unable to select the clicked element. The use of "this" in a functional component is not functioning as expected. function Test(data) { function getElement() { } return ( <div> ...

Retrieving Vue data from parent components in a nested getter/setter context

<template> <div id="app"> {{ foo.bar }} <button @click="meaning++">click</button> <!--not reactive--> <button @click="foo.bar++">click2</button> </div> </templ ...

PHP AJAX Request Failing to Transfer Files

I am having trouble with sending files in a PHP AJAX Request: Here is the form code: <form class="frmContact" action="#" method="post"> <div class="col-md-6"> <input type="hidden" name="emailTo" id= ...

Error encountered while attempting to run the Android application using Cordova

While using Cordova 4.3.0 (the latest version), I encountered an error when running the following command: cordova run android The error message displayed was as follows: module.js:340 throw err; ^ Error: Cannot find module 'which&apo ...

Simple Way to Show API Output in Plain Text (Beginner Inquiry)

I'm a beginner when it comes to using APIs. I'm trying to display the plain text response from this URL on my webpage: However, I'm encountering issues with getting it to work. Here's my code: <script src="https://ajax.googleap ...

Modifying worldwide variables within an ajax request

After spending considerable time attempting to achieve the desired outcome, I am faced with a challenge. My goal is to append the object from the initial ajax call after the second ajax call. However, it appears that the for loop is altering the value to ...

Setting up routes in Vue 2.0 - Avoid using 'new' for any side effects caused

Currently, I am setting up a vue project using the webpack template (npm install init webpack). However, I am encountering an error in the terminal: ERROR in ./src/main.js ✘ http://eslint.org/docs/rules/no-new Do not use 'new' for side effe ...

No Backend Detected for Tensorflow.js in Node

I've been attempting to develop a Discord bot that utilizes the @tensorflow-models/qna library, but I've hit a roadblock for the past 4 hours. Every time I run the script below: const qna = require('@tensorflow-models/qna'); (async () ...

What is the technique for accessing the original function within a class using a proxy?

I attempted to monkey patch a function within my class using Proxy. Is there a way to access and execute the original function? class foo { x = 10; bar() { console.log({ x: this.x }); } } foo.prototype.bar = new Proxy(foo.prototype.bar, { ap ...

NPM Scope for private repository changes forward slash to "%2F"

Hey there, I'm trying to fetch a private npm package from a private repository using scopes and I've configured my .npmrc file like this: registry=https://registry.npmjs.org/ @myco:registry=https://nexus.myco.com/nexus/repository/ In addition, ...

Selenium - Activating a flash button

Currently, I am facing an issue while trying to load a URL using Selenium on Mozilla browser. The webpage contains a 'Login' button created in flash that I need to click on. I have explored the following resources: 1.How to click an element in Se ...

Can you show me how to access the elements of a JSON object named "foo.txt" and print them out?

Currently, I am working with JavaScript and JSON. My goal is to retrieve data from an API where objects contain specific details. Specifically, I need to display the details of an object named "foo.txt" which includes elements such as size, raw_url, conten ...

How can you use Dart to uncover the content within an H1 element on an HTML webpage?

I'm currently self-teaching mobile development with Dart and Flutter, and my current project involves connecting a mobile app to a website. I want to extract the text from an H1 tag that is loaded through JavaScript on the website and display it in th ...

You can disregard the first option in a multiple select box using jQuery

Imagine having multiple select boxes with the same options that are mutually exclusive. For instance, if Select Box A and Select Box B both have Option 1, Option 2, and Option 3, selecting Option 1 for Select Box A should make it unavailable in Select Box ...

Unveiling the power of Axios and Vue in fetching API data: The quest for

I've encountered a problem while trying to integrate my API with Vue/Axios. The issue arises when I attempt to store the data retrieved by Axios into an empty variable within the data object of my component. It throws an "undefined at eval" error. Can ...

The outcome varies between PHP Local Host and server environments

I have developed a script for searching lk domains. Below is the code: <form action="" method="GET"> <input type="text" name="dm" placeholder="Enter Domain Name"> </form> <?php if (isset($_GET["dm"])) { $domain = $_GET["dm ...

What is the process for creating and registering custom Handlebars functions?

Despite spending plenty of time searching, I am still unable to find detailed information on where exactly to place my custom handlebars helpers. Should they be added in a <script> tag within my webpage's .hbs file? Or should I include them in a ...

Google Maps API displaying empty spots instead of markers

I am facing an issue with my webpage where the Markers are not showing up, despite troubleshooting for many hours. The parsing php file has been confirmed to be working. Below is the code: <script src="https://maps.googleapis.com/maps/api/js">< ...

Recreating the rotation of an object within a rotated parent using Three.js

After constructing my 3D globe and placing it within a parent bounding box / pivot, the code looked like this: var globe = new THREE.Group(); if (earthmesh) {globe.add(earthmesh);}; if (linesmesh) {globe.add(linesmesh);}; if (cloudmesh) {globe.add(cloudmes ...

Issues with click events in the navigation menu

How can I make my menu close when clicking on other parts of my website, instead of opening? I know that I should use a click event for this, but when I implemented a click event, my menu encountered 2 unwanted problems: 1- Whenever I clicked on a menu i ...