3 high and 1 critical vulnerablities when using gatsby new projectname #31659
Replies: 1 comment 1 reply
-
|
Hi! While those audit messages might seem scary it doesn't show the full picture of the individual package is affected as they are not sophisticated enough to check the actual code. While we're on a old version (and at some point we'll update) of some packages, I want to highlight that those messages won't affect your finished site as nothing of that is run on the client, only during development. You can ignore those as they are not relevant to Gatsby.
Gatsby is just React so any React package will work (albeit it must be ready for SSR). You can also have Create React App functionality if you use client-only paths: https://www.gatsbyjs.com/docs/how-to/routing/client-only-routes-and-user-authentication/ |
Beta Was this translation helpful? Give feedback.
-
|
Hey @LekoArts - I completely understand where you are coming from on this, and I mostly agree with the point. The problem we are having on my team is that we run Is there any ongoing discussion as to how to alleviate this? I'm wondering if the truly "dev" dependencies can be listed as such. I know if they are |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi there,
I am new to Gatsby.js and when I use gatsby new projectname to install.
It shows there are some high and critical vulnerabilities packages.
Is this OK?
I also want to ask another question here.
I just want to use Gatsby.js for my landing page and others using React.
I want to know does Gatsby.js often has conflicts with other React packages, like using Next.js?
Thanks
Beta Was this translation helpful? Give feedback.
All reactions