This is what I have got!!
```
PS C:My FilesSoftware Developmentnetflix-clone> npx create-react-app ./
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.
Creating a new React app in C:My FilesSoftware Developmentnetflix-clone.
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.
Installing packages. This might take a couple of minutes.
Installing react, react-dom, and react-scripts with cra-template...
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.
added 1392 packages in 11m
194 packages are looking for funding
run `npm fund` for details
Initialized a git repository.
Installing template dependencies using npm...
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.
npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-resolve#deprecated
added 52 packages in 9s
194 packages are looking for funding
run `npm fund` for details
Removing template package using npm...
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.
removed 1 package, and audited 1444 packages in 6s
194 packages are looking for funding
run `npm fund` for details
6 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
Created git commit.
Success! Created netflix-clone at C:My FilesSoftware Developmentnetflix-clone
Inside that directory, you can run several commands:
npm start
Starts the development server.
npm run build
Bundles the app into static files for production.
npm test
Starts the test runner.
npm run eject
Removes this tool and copies build dependencies, configuration files
and scripts into the app directory. If you do this, you can’t go back!
We suggest that you begin by typing:
cd C:My FilesSoftware Developmentnetflix-clone
npm start
Happy hacking!
PS C:My FilesSoftware Developmentnetflix-clone>
```
This is what `npm audit` tells!
```
PS C:My FilesSoftware Developmentnetflix-clone> npm audit
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.
# npm audit report
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/@svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of @svgr/webpack
node_modules/react-scripts
6 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
PS C:My FilesSoftware Developmentnetflix-clone>
```
Here is what `npm audit fix` does!
```
PS C:My FilesSoftware Developmentnetflix-clone> npm audit fix
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.
up to date, audited 1444 packages in 6s
194 packages are looking for funding
run `npm fund` for details
# npm audit report
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/@svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of @svgr/webpack
node_modules/react-scripts
6 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
PS C:My FilesSoftware Developmentnetflix-clone>
```
On running `npm audit fix --force`, I end up getting even more vulnerabilities!
Thank You!!
7
Create React App was created by Dan Abramov. He’s written an excellent article about the issues with npm audit in create-react-app. It’s a good read and I learned a lot about packages, npm audit and create-react-app.
https://overreacted.io/npm-audit-broken-by-design/
TL;DR
You can ignore these security vulnerabilities.
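Added example, not part of the original posts and not npm's own code: a Node.js function that takes the structure printed by `npm audit --json` and groups findings by root advisory, which shows that the six "high" entries in the report above are one advisory reached through `react-scripts`. The `sampleReport` object is constructed from the report in the question and trimmed to the fields used; `dep` and `summarizeAudit` are hypothetical names.

```javascript
// Constructed sample: the report above in the shape of `npm audit --json`
// (auditReportVersion 2, npm 7+), trimmed to the fields this script reads.
const dep = (name, via, effects, isDirect = false) =>
  ({ name, severity: "high", isDirect, via, effects });
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "nth-check": dep("nth-check", [{
      title: "Inefficient Regular Expression Complexity in nth-check",
      url: "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
    }], ["css-select"]),
    "css-select": dep("css-select", ["nth-check"], ["svgo"]),
    "svgo": dep("svgo", ["css-select"], ["@svgr/plugin-svgo"]),
    "@svgr/plugin-svgo": dep("@svgr/plugin-svgo", ["svgo"], ["@svgr/webpack"]),
    "@svgr/webpack": dep("@svgr/webpack", ["@svgr/plugin-svgo"], ["react-scripts"]),
    "react-scripts": dep("react-scripts", ["@svgr/webpack"], [], true),
  },
};

// For each package that carries an advisory itself (an object in `via`),
// follow `effects` upward and record which direct dependencies pull it in.
function summarizeAudit(report) {
  const vulns = report.vulnerabilities || {};
  const roots = [];
  for (const entry of Object.values(vulns)) {
    const advisories = (entry.via || []).filter((v) => typeof v === "object");
    if (advisories.length === 0) continue; // flagged only because of a dependency
    const seen = new Set([entry.name]);    // guards against cycles
    const queue = [entry.name];
    const direct = [];
    while (queue.length > 0) {
      const node = vulns[queue.shift()];
      if (!node) continue;
      if (node.isDirect) direct.push(node.name);
      for (const parent of node.effects || []) {
        if (!seen.has(parent)) { seen.add(parent); queue.push(parent); }
      }
    }
    roots.push({
      package: entry.name,
      advisories: advisories.map((a) => a.url),
      flagged: seen.size, // packages counted in the audit total for this root
      direct,             // entries from your own package.json
    });
  }
  return roots;
}

console.log(JSON.stringify(summarizeAudit(sampleReport), null, 2));
```

To run it on a real project, pass `summarizeAudit` the parsed output of `npm audit --json` in place of `sampleReport`.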
3
Create React App is unmaintained and no longer recommended by React as a project starter. It will never receive updates to fix the audit issues.
It also does not work with React v19 or newer.
For reference see:
- Replace Create React App recommendation with Vite
- Archive the repository if the project is dead
- Will Create React App be updated in the future?
As at the time of writing (mid 2024) React recommends using a framework like
- Next.js
- Remix
- Gatsby
- Expo (for native apps)
These are all reasonably large, complex frameworks that aren’t very similar to the features provided by CRA.
Modern equivalents are:
- Vite
Not exhaustive, feel free to add more