If you’re working in Angular, you may have seen 2 new security vulnerabilities that require you to update the tree-kill package to version 1.2.2 or later. Unfortunately, the usual commands, “npm audit fix” and “npm update tree-kill”, won’t work. (Those commands will update your package.json file but not your package-lock.json file.)
Thanks to saleem on Stack Overflow, the solution below will fix your vulnerabilities.
Solution
- Type “npm uninstall tree-kill”
- Go to node_modules -> @angular-devkit -> package.json and update the tree-kill version to 1.2.2
- Go to node_modules -> @ngtools/webpack -> package.json and update the tree-kill version to 1.2.2
- Type “npm install”
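
To confirm the steps above took effect, this added example (not from the original post or the Stack Overflow answer) scans a parsed package-lock.json for any tree-kill entry still below 1.2.2. The function names and both sample lockfiles are constructed for illustration.

```javascript
const FIXED = "1.2.2"; // minimum tree-kill version named in the post

// Compare dotted numeric versions; pre-release tags are ignored (simplification).
function cmp(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk both lockfile layouts: nested "dependencies" (lockfileVersion 1)
// and the flat "packages" map keyed by node_modules path (lockfileVersion 2/3).
function findOldTreeKill(lock, name = "tree-kill", fixed = FIXED) {
  const hits = [];
  const old = (info) => Boolean(info.version) && cmp(info.version, fixed) < 0;
  const walk = (deps, trail) => {
    for (const [dep, info] of Object.entries(deps || {})) {
      const path = trail.concat(dep);
      if (dep === name && old(info)) hits.push({ path: path.join(" > "), version: info.version });
      walk(info.dependencies, path);
    }
  };
  if (lock.packages) {
    for (const [key, info] of Object.entries(lock.packages)) {
      if (key.endsWith("node_modules/" + name) && old(info)) hits.push({ path: key, version: info.version });
    }
  } else {
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfiles (not from a real project).
const lockV1 = { lockfileVersion: 1, dependencies: {
  "@angular-devkit/build-angular": { version: "0.0.0-sample",
    dependencies: { "tree-kill": { version: "1.2.1" } } },
  "tree-kill": { version: "1.2.2" },
} };
const lockV3 = { lockfileVersion: 3, packages: {
  "node_modules/tree-kill": { version: "1.2.2" },
  "node_modules/@ngtools/webpack/node_modules/tree-kill": { version: "1.2.0" },
} };

console.log(findOldTreeKill(lockV1)); // nested copy under @angular-devkit/build-angular
console.log(findOldTreeKill(lockV3)); // nested copy under @ngtools/webpack
```

To check a real project, pass the function the parsed contents of your own package-lock.json; an empty result means no locked copy of tree-kill is below 1.2.2.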