Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

JavaScript Express Basics Getting Started with Express Install Express

Diana Soriano
seal-mask
.a{fill-rule:evenodd;}techdegree
Diana Soriano
Python Development Techdegree Student 9,639 Points

I received an error in my terminal stating 6 vulnerabilities (1 low, 2 moderate, 3 high), Severity: high, fresh <0.5.2.

What does this mean? shall i stop installation?

2 Answers

Guillermo Gallo
seal-mask
.a{fill-rule:evenodd;}techdegree
Guillermo Gallo
Full Stack JavaScript Techdegree Student 8,518 Points

Hi Diana Soriano.

When you install dependencies for your projects this means you are downloading code that other developers have created and their code could have certain vulnerabilities or risks if they were not implemented properly or if you have an old version of the dependency installed.

What npm is telling you here is that it has scanned all of the dependencies that you have installed and has found that some of them have some vulnerabilities. These vulnerabilities could potentially put your website/project at risk if you decide to use these dependencies in their current state.

As Bella Bradbury pointed out, running the 'npm audit fix' command will instruct npm to try to fix these vulnerabilities automatically, however there will not always be an automatic fix, sometimes some manual intervention might be necessary and other times you will have to determine if the risk is low compared to the advantage of using that particular dependency and lastly there will be times when the project you are working on requires an old version of a dependency and therefore it cannot be updated even though it has a vulnerability.

Hopes this makes it more clear for you.