
npm audit — How to Fix Vulnerabilities


found 12 vulnerabilities (3 low, 5 moderate, 4 high)
run `npm audit fix` to fix them, or `npm audit` for details

npm found security vulnerabilities in your dependencies. Most are in sub-dependencies you don’t control directly.

Fix 1: npm audit fix

# Auto-fix what's safe (non-breaking updates)
npm audit fix

# See what would change without applying
npm audit fix --dry-run

Fix 2: Force Fix (Breaking Changes)

# ⚠️ May upgrade major versions — can break things
npm audit fix --force

# Always test after force fixing
npm test
npm run build

Fix 3: Override a Sub-Dependency

// package.json — force a specific version of a nested dependency
{
    "overrides": {
        "vulnerable-package": "2.0.1"
    }
}

Then run npm install.

Fix 4: Ignore Dev-Only Vulnerabilities

# Only show production vulnerabilities
npm audit --omit=dev

# Most vulnerabilities are in devDependencies (build tools)
# These don't affect your deployed app, but they still run on developer machines and in CI

Fix 5: Update the Parent Package

# Find which package depends on the vulnerable one
npm audit
# Look for "fix available via" message

# Update that parent package
npm install parent-package@latest

Fix 6: Accept the Risk

Some vulnerabilities are theoretical or only exploitable in specific conditions. If npm audit fix can’t resolve it and the vulnerability doesn’t apply to your use case, document it and move on.

# Check vulnerability details
npm audit --json | jq '.vulnerabilities'
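
To decide which of the six fixes applies to each finding, and to keep Fix 6 acceptances documented and time-limited, the JSON report can be triaged in a script. The following is an added example, not code from the original page. It assumes the npm 7+ report fields `via`, `severity` and `fixAvailable`; the `ACCEPTED` record, the package names and the advisory URLs are constructed placeholders.

```javascript
// Added example: triage parsed `npm audit --json` output (npm 7+ report format).
// ACCEPTED is a hypothetical in-repo record of accepted risks, keyed by advisory URL.
const ACCEPTED = {
  "https://example.invalid/advisories/EXAMPLE-0003": {
    reason: "ReDoS in a CLI flag parser; only used by local build scripts",
    expires: "2030-01-01", // acceptances lapse and must be re-reviewed
  },
};

// Constructed sample report; names and URLs are placeholders, not real advisories.
const SAMPLE = {
  vulnerabilities: {
    "pkg-a": { severity: "high", fixAvailable: true,
      via: [{ title: "Prototype pollution", url: "https://example.invalid/advisories/EXAMPLE-0001" }] },
    "pkg-b": { severity: "moderate", via: ["pkg-c"], // string entry: affected only through pkg-c
      fixAvailable: { name: "parent-package", version: "5.0.0", isSemVerMajor: true } },
    "pkg-c": { severity: "moderate",
      fixAvailable: { name: "parent-package", version: "5.0.0", isSemVerMajor: true },
      via: [{ title: "Path traversal", url: "https://example.invalid/advisories/EXAMPLE-0002" }] },
    "pkg-d": { severity: "low", fixAvailable: false,
      via: [{ title: "ReDoS", url: "https://example.invalid/advisories/EXAMPLE-0003" }] },
  },
};

function triage(report, accepted, today = new Date()) {
  const plan = { autoFix: [], parentUpdate: [], noFix: [], accepted: [] };
  for (const [name, v] of Object.entries(report.vulnerabilities || {})) {
    // Object entries in `via` are advisories; string entries name another vulnerable package.
    const advisories = v.via.filter((x) => typeof x === "object").map((x) => x.url);
    if (advisories.length === 0) continue; // counted under the package that carries the advisory
    const waived = advisories.every((url) =>
      accepted[url] && new Date(accepted[url].expires) > today);
    const item = { name, severity: v.severity, advisories };
    if (waived) plan.accepted.push(item);                          // Fix 6, still in date
    else if (v.fixAvailable === true) plan.autoFix.push(item);     // Fix 1
    else if (v.fixAvailable) plan.parentUpdate.push({ ...item,     // Fix 5, or Fix 2 if major
      update: `${v.fixAvailable.name}@${v.fixAvailable.version}`,
      major: v.fixAvailable.isSemVerMajor });
    else plan.noFix.push(item);                                    // Fix 3, or add to ACCEPTED
  }
  return plan;
}

console.log(JSON.stringify(triage(SAMPLE, ACCEPTED), null, 2));
```

In a real project, replace `SAMPLE` with the parsed output of `npm audit --json` and fail the CI job when `noFix` or `parentUpdate` contains entries at a severity you do not tolerate.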