I’m brand new to React and am wondering if I did something wrong when I installed it initially.
When I build a new React project it will run without issue but when I run an audit I get errors. If I run npm audit fix --force I get a number of warnings about various scripts being deprecated and then I'm told that there are 8 vulnerabilities, 6 of which are high. Is this something I need to address? To start the project I just ran npx create-react-app my_app. Below is all the output from running npm audit fix --force.
According to the package.json file I'm using version 18.3.1 - "react": "^18.3.1",
npm audit fix --force
npm warn using --force Recommended protections disabled.
npm warn audit Updating react-scripts to 5.0.1, which is a SemVer major change.
npm warn deprecated @babel/[email protected]: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-methods instead.
npm warn deprecated @babel/[email protected]: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-numeric-separator instead.
npm warn deprecated @babel/[email protected]: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.
npm warn deprecated @babel/[email protected]: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead.
npm warn deprecated @humanwhocodes/[email protected]: Use @eslint/config-array instead
npm warn deprecated @babel/[email protected]: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead.
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated [email protected]: This package has been deprecated and is no longer maintained. Please use @rollup/plugin-terser
npm warn deprecated @humanwhocodes/[email protected]: Use @eslint/object-schema instead
npm warn deprecated [email protected]: Use your platform’s native DOMException instead
npm warn deprecated [email protected]: Please use @jridgewell/sourcemap-codec instead
npm warn deprecated [email protected]: [email protected]
npm warn deprecated [email protected]: It is not compatible with newer versions of GA starting with v4, as long as you are using GAv3 it should be ok, but the package is not longer being maintained
added 518 packages, removed 794 packages, changed 375 packages, and audited 1545 packages in 45s
261 packages are looking for funding
  run `npm fund` for details
npm audit report
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/@svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of @svgr/webpack
Depends on vulnerable versions of resolve-url-loader
node_modules/react-scripts
postcss <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/resolve-url-loader/node_modules/postcss
resolve-url-loader 0.0.1-experiment-postcss || 3.0.0-alpha.1 - 4.0.0
Depends on vulnerable versions of postcss
node_modules/resolve-url-loader
8 vulnerabilities (2 moderate, 6 high)
To address all issues (including breaking changes), run:
npm audit fix --force
I've tried looking up what would prevent npm audit fix --force from working. A few sites suggested deleting the node_modules folder and reinstalling, but this is a brand new application. I tried this but it didn't help. I did find one article that said that sometimes npm audit will find issues that we don't need to be concerned with. If I can ignore these issues then I'm fine with that, but it looks like there's a lot that's been deprecated.
Stacey is a new contributor to this site.
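To see why the report above blames react-scripts for a bug that lives in nth-check, here is an added example (not from the question, and not part of npm) that walks the machine-readable `npm audit --json` report from each advisory up the `effects` links to the package you actually declared in package.json. The JSON is a constructed excerpt that mirrors the nth-check chain in the report; the real report would also carry the postcss chain.

```python
import json

# Constructed excerpt of `npm audit --json` (npm >= 7 format) mirroring the
# nth-check chain in the report above; the postcss chain is left out.
SAMPLE_AUDIT = json.loads(r'''{"vulnerabilities": {
 "nth-check": {"severity": "high", "isDirect": false, "range": "<2.0.1",
   "via": [{"title": "Inefficient Regular Expression Complexity in nth-check",
            "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr", "severity": "high"}],
   "effects": ["css-select"]},
 "css-select": {"severity": "high", "isDirect": false, "range": "<=3.1.0", "via": ["nth-check"], "effects": ["svgo"]},
 "svgo": {"severity": "high", "isDirect": false, "range": "1.0.0 - 1.3.2", "via": ["css-select"], "effects": ["@svgr/plugin-svgo"]},
 "@svgr/plugin-svgo": {"severity": "high", "isDirect": false, "range": "<=5.5.0", "via": ["svgo"], "effects": ["@svgr/webpack"]},
 "@svgr/webpack": {"severity": "high", "isDirect": false, "range": "4.0.0 - 5.5.0", "via": ["@svgr/plugin-svgo"], "effects": ["react-scripts"]},
 "react-scripts": {"severity": "high", "isDirect": true, "range": ">=2.1.4",
   "via": ["@svgr/webpack"], "effects": [],
   "fixAvailable": {"name": "react-scripts", "version": "5.0.1", "isSemVerMajor": true}}
}}''')

def root_advisories(report):
    """Packages whose `via` holds an advisory object: the actually vulnerable code.
    Entries whose `via` is only package names merely depend on them."""
    return [n for n, v in report["vulnerabilities"].items()
            if any(isinstance(x, dict) for x in v["via"])]

def chains_to_direct(report, name, path=()):
    """Follow `effects` upward until a package declared in package.json (isDirect)."""
    vulns, path = report["vulnerabilities"], path + (name,)
    entry = vulns.get(name)
    if entry is None or entry["isDirect"] or not entry["effects"]:
        return [path]
    return [c for parent in entry["effects"] if parent not in path  # cycle guard
            for c in chains_to_direct(report, parent, path)]

def summarize(report):
    """One row per (advisory, direct dependency) pair, with the full dependency chain."""
    rows = []
    for root in root_advisories(report):
        entry = report["vulnerabilities"][root]
        adv = next(x for x in entry["via"] if isinstance(x, dict))
        for chain in chains_to_direct(report, root):
            top = report["vulnerabilities"][chain[-1]]
            fix = top.get("fixAvailable")  # may be true, false or an object
            rows.append({"advisory": adv["title"], "severity": adv["severity"],
                         "vulnerable_range": entry["range"], "chain": " -> ".join(chain),
                         "direct_dependency": chain[-1] if top["isDirect"] else None,
                         "fix_is_breaking": isinstance(fix, dict) and bool(fix.get("isSemVerMajor"))})
    return rows

if __name__ == "__main__":
    for row in summarize(SAMPLE_AUDIT):
        print(row["severity"], row["advisory"], "via", row["chain"], "| breaking fix:", row["fix_is_breaking"])
```

On a real project, replace SAMPLE_AUDIT with `json.load(open("audit.json"))` after running `npm audit --json > audit.json`; the chain column shows which direct dependency (here react-scripts) would have to move for the transitive package to change.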