How to fix npm vulnerabilities manually?

Question

When I run npm install it says found 33 vulnerabilities (2 low, 31 moderate) run `npm audit fix` to fix them, or `npm audit` for details.

Answer 1

'npm audit fix' will increment the version of dependency in package.json which might lead to breaking of code. So better way is to open package-lock.json and updated the dependency/subdependency versions to required version. Maintain the package-lock.json in repository.

Sometimes vulnerabilities are from dev packages, In that case ignore those vulnerabilities as those are not getting picked up in the production.