react-scripts 5.0.1 has a number of high-severity issues

[here-nerd]

Describe the bug

I ran an audit scanner (npx @sandworm/audit@latest) on react-scripts@5.0.1 and found a number of concerning issues. e.g. Deprecated packages concern me the most. e.g. https://www.npmjs.com/package/rollup-plugin-terser is no longer maintained. And there is a newer package for it.

Did you try recovering your dependencies?

Not applicable

Which terms did you search for in User Guide?

Not applicable

Environment

Not applicable

Steps to reproduce

1. npx create-react-app
2. npx @sandworm/audit@latest

Expected behavior

No issues detected by an audit scanner.

Actual behavior

A number of issues detected by sandworm:

Reproducible demo

Not applicable

[srcnalt]

Current version 5.0.1 uses nth-check@^1.0.2 which has high security vulnerability.

GitHub Dependabot message:

The latest possible version that can be installed is 1.0.2 because of the following conflicting dependencies:

react-scripts@5.0.1 requires nth-check@^1.0.2 via a transitive dependency on css-select@2.1.0
No patched version available for nth-check
The earliest fixed version is 2.0.1.

[plsdev89]

Having same issue.

[dave9123]

Try running npm i @svgr/webpack --save-dev

[jrjake]

These warnings are okay to ignore, see #11174

[wtfiwtz]

See #13337