found 1 high severity vulnerability(angular material installation) #30250
Description
I tried to install angular material using npm install @angular/material --save but the result was:
npm WARN @angular/material@7.3.7 requires a peer of @angular/cdk@7.3.7 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.9 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.9: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
+ @angular/material@7.3.7
updated 1 package and audited 42613 packages in 16.398s
found 1 high severity vulnerability
run `npm audit fix` to fix them, or `npm audit` for details
I also tried npm audit fix and got this result:
npm WARN @angular/material@7.3.7 requires a peer of @angular/cdk@7.3.7 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.9 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.9: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
up to date in 7.989s
fixed 0 of 1 vulnerability in 42613 scanned packages
1 vulnerability required manual review and could not be updated
Then I tried nmp audit and this is the result:
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
High Arbitrary File Overwrite
Package tar
Patched in >=4.4.2
Dependency of @angular-devkit/build-angular [dev]
Path @angular-devkit/build-angular > node-sass > node-gyp > tar
More info https://nodesecurity.io/advisories/803
found 1 high severity vulnerability in 42613 scanned packages
1 vulnerability requires manual review. See the full report for details.
Why do I get this error and how can I fix it?