npm security vulnerabilities 101

mahesh
Jul 21, 2022
npm security vulnerabilities

If you have seen a message like the one above, you know how annoying it is. Sometimes even running npm audit fix or npm audit fix --force won't clear those warnings. The main reason is that npm audit is broken by design, so some of what it reports may be false positives.

Then how should we check for real results?

  1. Create a free account in Snyk
  2. You don't need to connect to GitHub or Bitbucket. Just ignore it.
  3. Install Snyk globally with npm i -g snyk
  4. Sign in by running snyk auth
  5. Run snyk test to run tests
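
Once `snyk test` is in place, the next thing most teams want is to fail a CI job only on findings that matter. The script below is an added example (not from this post or from Snyk) that reads the JSON produced by `snyk test --json`, filters by severity, and prints the dependency path for each hit; the field names it expects (`vulnerabilities`, `severity`, `from`, `packageName`, `version`, `id`, `title`) are assumptions about Snyk's output, and the embedded report is constructed sample data.

```python
import json
import sys

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed sample of a `snyk test --json` report (not real output):
# one direct finding and one reached only through a build tool's dependency.
SAMPLE_REPORT = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {"id": "SNYK-EXAMPLE-1", "title": "Prototype Pollution",
         "severity": "high", "packageName": "example-lib", "version": "1.0.0",
         "from": ["my-app@1.0.0", "example-lib@1.0.0"]},
        {"id": "SNYK-EXAMPLE-2", "title": "Regular Expression Denial of Service",
         "severity": "medium", "packageName": "example-regex", "version": "2.1.0",
         "from": ["my-app@1.0.0", "build-tool@3.0.0", "example-regex@2.1.0"]},
    ],
})


def findings_at_or_above(report_text, threshold="high"):
    """Findings whose severity is at least `threshold`, worst first.
    Field names are assumed from snyk's JSON output; adjust if yours differ."""
    report = json.loads(report_text)
    floor = SEVERITY_RANK[threshold]
    rank = lambda v: SEVERITY_RANK.get(v.get("severity", "low"), 0)
    hits = [v for v in report.get("vulnerabilities", []) if rank(v) >= floor]
    return sorted(hits, key=rank, reverse=True)


def summarize(report_text, threshold="high"):
    """Return (exit_code, report_lines); exit_code 1 means fail the build."""
    hits = findings_at_or_above(report_text, threshold)
    lines = []
    for v in hits:
        # The `from` path shows whether the package is a direct dependency or
        # pulled in transitively, which is what decides how reachable it is.
        path = " > ".join(v.get("from", [])) or "(direct)"
        lines.append(f"[{v['severity']}] {v['packageName']}@{v['version']}: "
                     f"{v['title']} ({v['id']})  via {path}")
    return (1 if hits else 0), lines


if __name__ == "__main__":
    # Usage: snyk test --json > snyk.json && python snyk_gate.py snyk.json high
    threshold = sys.argv[2] if len(sys.argv) > 2 else "high"
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    code, lines = summarize(text, threshold)
    print("\n".join(lines) or f"no findings at or above {threshold}")
    sys.exit(code)
```

Run without arguments it evaluates the embedded sample; in CI, point it at the saved `snyk test --json` output and pick the threshold your team agrees on.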

Let me know in the comments if you know better ways of going about these.
