Is it necessary to run npm audit fix?

3 replies
Last updated: Nov 7, 2020

Is it necessary to run npm audit fix on a starter template? These are vulnerabilities that are found in the tools used to create the site, not the site itself that is public-facing, right?

Nov 7, 2020, 7:24 PM

They tend to be in the dev servers and can mostly be ignored since what ends up on the internet is mostly static pages. That being said, we should generally try to ship these with the audit done so you don’t get the warnings :)

Nov 7, 2020, 9:06 PM

They tend to be in the dev servers and can mostly be ignored since what ends up on the internet is mostly static pages. That being said, we should generally try to ship these with the audit done so you don’t get the warnings :)

Nov 7, 2020, 9:06 PM

Right that’s what I thought, I build with the 11ty/Sanity starter template you guys made and there were a ton of reported vulnerabilities when I cloned the repo to WebStorm

Nov 7, 2020, 9:09 PM

Sanity.io: Get the most out of your content

Sanity.io is a platform to build websites and applications. It comes with great APIs that let you treat content like data. Give your team exactly what they need to edit and publish their content with the customizable Sanity Studio. Get real-time collaboration out of the box. Sanity.io comes with a hosted datastore for JSON documents, query languages like GROQ and GraphQL, CDNs, on-demand asset transformations, presentation agnostic rich text, plugins, and much more.

Don't compromise on developer experience. Join thousands of developers and trusted companies and power your content with Sanity.io. Free to get started, pay-as-you-go on all plans.