5 high severity vulnerabilities - NPM v. 7.17.0

Taxick · June 11, 2021, 12:19pm

Hi

I have just updated my NPM version from npm 6 to 7 on my ghost installation.

The version I’m running now is: 7.17.0

I have used this command “sudo npm install -g npm@latest” to update NPM

But now if I running the command to update ghost-cli with this command: “sudo npm install -g ghost-cli@latest”

I get this warning:

sudo npm install -g ghost-cli@latest

changed 419 packages, and audited 420 packages in 11s

29 packages are looking for funding
run npm fund for details

5 high severity vulnerabilities

To address all issues (including breaking changes), run:
npm audit fix --force

Run npm audit for details.

The command “npm audit fix --force” doesn’t fix the warning!

Will I have to be worried about the warning? and what did it mean?

EDIT-1:

If I’m running this command: “npm audit” I’m getting this output
found 0 vulnerabilities

EDIT-2:

Ghost-CLI version: 1.17.3
Ghost version: 4.7.0 (at /var/www/ghost)
Node version: v14.17.0
Site: https://www.futurenode.dk

Thanks

Thomas

vikaspotluri123 · June 11, 2021, 4:53pm

In this specific instance, there’s no action required from you, some of the cli dependencies have reported security issues which may or may not actually impact the cli

Taxick · June 11, 2021, 5:10pm

Thanks

Topic		Replies	Views
Ghost-cli v1.27; npm vulnerabilities Self-hosting	6	167	February 19, 2025
Supported npm versions Developer help	3	364	March 4, 2021
Ghost-CLI wont update from 1.17.1 to 1.17.3! Developer help	13	1441	June 4, 2021
Unable to upgrade Ghost Self-hosting	5	105	January 7, 2025
Hoping for some server/site maintence pointers Self-hosting	0	338	March 17, 2023

5 high severity vulnerabilities - NPM v. 7.17.0

Related topics