`npm audit fix` breaks build
notramo opened this issue · comments
notramo commented
A security fix breaks the build of the site.
- Generate a package lock file by installing a library, e.g.
stylus
, or just generate it without installing any package:npm i --package-lock-only
npm
will warn you about a security vulnerability found in Svelte - Run
npm audit fix
- The build fails without explanation. The fix is a minor semver bump, so it shouldn't cause breaking changes.
The error message is nonsense, and even worse, the failed build is served by plenti serve
, so it's harder to notice.
I have spent at least an hour debugging it, because I noticed it too late, after I have modifyed bigger amount of code. I couldn't find it with git bisect
, because I didn't reinstall the dependencies.