I've just started a React project using npx create-react-app project. This installs all the relevant files and dependencies required for a react project but there were some vulnerabilities identified :
162 vulnerabilities (1 low, 122 moderate, 36 high, 3 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
However, upon running npm audit fix --force they still raised the following:
8 vulnerabilities (2 moderate, 6 high)
To address all issues (including breaking changes), run:
npm audit fix --force
Upon running npm audit fix --force again, I'm right back to where I'm started, with:
162 vulnerabilities (1 low, 122 moderate, 36 high, 3 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Is there a way to permanently remove all vulnerabilities or do I just have to live with 8 vulnerabilities instead of 162?
P.S.: I currently have Node.js v21.1.0 and npm v10.2.0. And this project is supposed to be a e-commerce website for an actual business that will have to handle payments so preferably, I don't want it to break due to some vulnerabilities if I could help it.
As mentioned by nbokmans:
In 2023, the Create React App tool was deprecated, which means that it was no longer being maintained. Create React App has been the go-to way to make a new React project, but it's been dethroned by a number of different alternatives.
Vite is an alternative:
npm create vite@latest my-react-app -- --template react
You can read more about it and see other alternatives here:
https://www.freecodecamp.org/news/how-to-create-a-react-app-in-2024/