# 8704. Security Vulnerability of Dependencies for Node.js App

Tutorial for removing security vulnerabilities from Node.js apps.

## 1. Warning from GitHub

For some of the repositories on GitHub, we get the warning ‘We found a potential security vulnerability in one of your dependencies.’

## 2. Vulnerability Detection

Use ‘npm audit’ to scan your Node.js app and detect any security vulnerability. To use it, you must upgrade ‘npm’ to version 6.

```bash
npm install npm@latest -g
```


Go to the root folder of the app and run ‘npm audit’. It lists the vulnerable dependencies.

```bash
npm audit
```


At the end, it shows a summary of the security vulnerabilities. In the example, we see there is one ‘high’ level vulnerability.

## 3. Removing Vulnerability

Run the following command to automatically install compatible updates to vulnerable dependencies. In the example below, it fixed 9 of 15 vulnerabilities.

```bash
npm audit fix
```


Run the audit command again: we see there are still 6 vulnerable dependencies. However, there is no ‘high’ level vulnerability anymore.

```bash
npm audit
```


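If you want to fix more vulnerabilities, you may run the following command or fix them manually. For example, to fix the vulnerability in the hoek package, just run ‘npm install hoek’ to install the latest version of hoek. Note that ‘--force’ also installs semver-major updates, which can introduce breaking changes, so re-run your tests afterwards.

```bash
npm audit fix --force
```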


Submit all the changes to GitHub, and the warning should be gone.
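
The severity check done by eye in the steps above (15 findings with one ‘high’ before the fix, 6 and no ‘high’ after) can be written as a build gate over the output of `npm audit --json`. This is an added example, not part of the original tutorial: the function names, the `--stdin` switch and the per-severity split of the sample counts are constructed, and it assumes the report carries the `metadata.vulnerabilities` counts that `npm audit --json` emits.

```javascript
// Severity names as npm reports them, lowest to highest.
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// Parse the JSON report and return its per-severity counts. Throws when the
// counts are missing, so a failed audit is never mistaken for a clean one.
function severityCounts(reportJson) {
  const report = JSON.parse(reportJson);
  const raw = report && report.metadata && report.metadata.vulnerabilities;
  if (!raw || typeof raw !== 'object') throw new Error('no metadata.vulnerabilities in report');
  const counts = {};
  for (const s of SEVERITIES) counts[s] = Number(raw[s]) || 0;
  return counts;
}

// Decide whether the build passes: any finding at or above `threshold` blocks.
function gate(reportJson, threshold = 'high') {
  const floor = SEVERITIES.indexOf(threshold);
  if (floor < 0) throw new Error(`unknown severity: ${threshold}`);
  const counts = severityCounts(reportJson);
  const total = SEVERITIES.reduce((n, s) => n + counts[s], 0);
  const blocking = SEVERITIES.slice(floor).filter((s) => counts[s] > 0);
  return { pass: blocking.length === 0, total, blocking, counts };
}

// Constructed sample reports matching the totals in the tutorial's run
// (the low/moderate split is made up for illustration).
const BEFORE_FIX = JSON.stringify({
  metadata: { vulnerabilities: { info: 0, low: 8, moderate: 6, high: 1, critical: 0 } },
});
const AFTER_FIX = JSON.stringify({
  metadata: { vulnerabilities: { info: 0, low: 4, moderate: 2, high: 0, critical: 0 } },
});

if (process.argv[2] === '--stdin') {
  // Real use: read a report from stdin and set the exit code for CI.
  let buf = '';
  process.stdin.on('data', (chunk) => (buf += chunk));
  process.stdin.on('end', () => {
    const r = gate(buf, process.argv[3] || 'high');
    console.log(JSON.stringify(r));
    process.exitCode = r.pass ? 0 : 1;
  });
} else {
  for (const [name, json] of [['before fix', BEFORE_FIX], ['after fix', AFTER_FIX]]) {
    const r = gate(json, 'high');
    console.log(`${name}: total=${r.total} pass=${r.pass} blocking=[${r.blocking}]`);
  }
}
```

To gate a real project, save the block under a name of your choice (here `audit-gate.js`) and run `npm audit --json | node audit-gate.js --stdin high` from the app's root folder.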

## 4. Final Solution

```bash
# upgrade angular
npm install -g @angular/cli
ng update @angular/core
ng update @angular/cli --migrate-only --from=1.7.3
ng update
```