Vulnerabilities in expo dependency

Hi, I set up a new project using expo v5.4.3 and node v16.15.0, but I am getting errors with some of expo's dependencies. Is there a way to resolve the error below without a breaking change?

npm audit report

node-fetch <=2.6.6
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - CVE-2022-0235 (GitHub Advisory Database)
The size option isn't honored after following a redirect in node-fetch - CVE-2020-15168 (GitHub Advisory Database)
fix available via npm audit fix --force
Will install expo@1.0.0, which is a breaking change
node_modules/node-fetch
isomorphic-fetch 2.0.0 - 2.2.1
Depends on vulnerable versions of node-fetch
node_modules/isomorphic-fetch
fbjs 0.7.0 - 1.0.0
Depends on vulnerable versions of isomorphic-fetch
node_modules/fbjs
fbemitter 2.0.3 - 3.0.0-alpha.1
Depends on vulnerable versions of fbjs
node_modules/fbemitter
expo 14.0.0 - 44.0.6
Depends on vulnerable versions of fbemitter
node_modules/expo

5 high severity vulnerabilities

To address all issues (including breaking changes), run:
npm audit fix --force

Here's a good blog post from Dan Abramov, one of the maintainers of React, on why this information is not useful: https://overreacted.io/npm-audit-broken-by-design/
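The audit output above is a single dependency chain, with the actual advisories in node-fetch and every other entry only "depends on" the one below it. As an added example (not code from either poster or from Expo), the script below reads the `npm audit --json` shape that npm 7+ emits, walks each root advisory up its `effects` list to the direct dependency, and reports whether the offered fix is semver-major. The report object is constructed here to mirror the chain in the thread, with advisory objects trimmed to the fields used.

```javascript
// Added example, not from the thread: walk an `npm audit --json` report (npm 7+
// shape) from each root advisory up its `effects` chain to the direct dependency
// that pulls it in, and flag whether the offered fix is semver-major. The report
// data is constructed to mirror the audit output above; advisory objects are
// trimmed to the fields used here.
const entry = (name, range, via, effects, isDirect = false) => ({
  name, severity: 'high', isDirect, range, via, effects,
  fixAvailable: { name: 'expo', version: '1.0.0', isSemVerMajor: true }, // "Will install expo@1.0.0"
});
const report = {
  auditReportVersion: 2,
  vulnerabilities: {
    'node-fetch': entry('node-fetch', '<=2.6.6', [
      { name: 'node-fetch', title: 'Exposure of Sensitive Information to an Unauthorized Actor' }, // CVE-2022-0235
      { name: 'node-fetch', title: "The size option isn't honored after following a redirect" },  // CVE-2020-15168
    ], ['isomorphic-fetch']),
    'isomorphic-fetch': entry('isomorphic-fetch', '2.0.0 - 2.2.1', ['node-fetch'], ['fbjs']),
    fbjs: entry('fbjs', '0.7.0 - 1.0.0', ['isomorphic-fetch'], ['fbemitter']),
    fbemitter: entry('fbemitter', '2.0.3 - 3.0.0-alpha.1', ['fbjs'], ['expo']),
    expo: entry('expo', '14.0.0 - 44.0.6', ['fbemitter'], [], true),
  },
};

// Follow `effects` upward until a direct dependency (or a package with no
// dependents) is reached; returns every chain and guards against cycles.
function chainsToDirect(vulns, pkg, seen = new Set()) {
  const v = vulns[pkg];
  if (!v || seen.has(pkg)) return [];
  if (v.isDirect || v.effects.length === 0) return [[pkg]];
  const next = new Set(seen).add(pkg);
  return v.effects.flatMap((parent) =>
    chainsToDirect(vulns, parent, next).map((chain) => [pkg, ...chain]));
}

// A package is a root cause only when its `via` holds advisory objects rather
// than the names of other vulnerable packages it merely depends on.
function summarise(report) {
  const rows = [];
  for (const [pkg, v] of Object.entries(report.vulnerabilities)) {
    const advisories = v.via.filter((x) => typeof x === 'object');
    if (advisories.length === 0) continue;
    for (const chain of chainsToDirect(report.vulnerabilities, pkg)) {
      rows.push({
        root: pkg, range: v.range, titles: advisories.map((a) => a.title),
        chain: chain.join(' > '), direct: chain[chain.length - 1],
        breaking: typeof v.fixAvailable === 'object' && v.fixAvailable.isSemVerMajor === true,
      });
    }
  }
  return rows;
}
for (const r of summarise(report)) console.log(`${r.root} ${r.range} via ${r.chain}${r.breaking ? ' (fix is breaking)' : ''}`);
```

Run against a real report with `npm audit --json > audit.json` and `JSON.parse` it in place of the constructed object; the `direct` field tells you which top-level package to upgrade or override, and `breaking` reproduces the "breaking change" warning from the text output.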

