npm install xlsx (latest version 0.18.5)--> 1 high severity vulnerability #3098
Reference: sheetjs/sheetjs#3098
When I try to install xlsx, I get 1 high severity vulnerability.
I am not able to fix it via npm audit fix --force
Please let me know how I can fix this.
https://docs.sheetjs.com/docs/getting-started/installation/nodejs#legacy-endpoints covers some details, but here is a more direct list of steps. We will expand the docs section in the future.
Run the following command:
It will print information explaining why the xlsx library is loaded.
If the library is a direct dependency, you will see a line like
If the library is in a dependency chain (required by another library), then you will see a tree whose leaves are the libraries that your project directly depends on.
For example, gatsby-transformer-excel depends on xlsx and the tree looks like
If the library is a direct dependency
If you are indirectly using the library (a dependency of a dependency):
npm why xlsx
and identify each module that depends on the library. The lines will end with "from the root project".
On Linux and macOS, you can use grep:
For example, in a GatsbyJS project using gatsby-transformer-excel:
package.json:
Using the GatsbyJS example:
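
An offline version of the dependency check described in the reply above, as an added example that is not part of the original thread or the SheetJS docs: it reads the `packages` map of a package-lock.json (lockfile v2/v3) instead of running `npm why xlsx`. The sample lockfile is constructed, `report-tool` and `sheet-helper` are hypothetical packages, and matching is by package name only (nested duplicate versions are not distinguished).

```javascript
// Constructed sample in the package-lock.json v2/v3 "packages" layout (not from the thread).
// report-tool and sheet-helper are hypothetical packages; all versions are made up.
const sampleLock = { packages: {
  "": { name: "my-site", dependencies: {
    "gatsby-transformer-excel": "^1.0.0", "report-tool": "^1.0.0" } },
  "node_modules/gatsby-transformer-excel": { version: "1.0.0", dependencies: { xlsx: "^0.18.5" } },
  "node_modules/report-tool": { version: "1.0.0", dependencies: { "sheet-helper": "^2.0.0" } },
  "node_modules/sheet-helper": { version: "2.0.0", dependencies: { xlsx: "^0.18.5" } },
  "node_modules/xlsx": { version: "0.18.5" },
} };

const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];
const PREFIX = "node_modules/";

// Package name from a lockfile key: "node_modules/a/node_modules/@s/b" -> "@s/b".
// The root project has the empty key and is represented by "".
function nameOf(key) {
  return key === "" ? "" : key.slice(key.lastIndexOf(PREFIX) + PREFIX.length);
}

// Map each dependency name to the set of package names that declare it.
function reverseEdges(lock) {
  const rev = new Map();
  for (const [key, pkg] of Object.entries(lock.packages)) {
    for (const field of DEP_FIELDS) {
      for (const dep of Object.keys(pkg[field] || {})) {
        if (!rev.has(dep)) rev.set(dep, new Set());
        rev.get(dep).add(nameOf(key));
      }
    }
  }
  return rev;
}

// Walk upward from `target`: who requires it, and which of the root project's
// own dependencies the chains end at (the leaves of the `npm why` tree).
function whyInstalled(lock, target) {
  const rev = reverseEdges(lock);
  const seen = new Set([target]), roots = new Set(), queue = [target];
  while (queue.length) {
    const cur = queue.shift();
    for (const parent of rev.get(cur) || []) {
      if (parent === "") roots.add(cur); // declared by the root project
      else if (!seen.has(parent)) { seen.add(parent); queue.push(parent); }
    }
  }
  const requiredBy = [...(rev.get(target) || [])].filter((n) => n !== "").sort();
  return { direct: roots.has(target), requiredBy, rootDeps: [...roots].sort() };
}
console.log(whyInstalled(sampleLock, "xlsx"));
```

To check a real project, pass the parsed contents of its package-lock.json in place of `sampleLock`.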