Help with npm install in RESTful Restaurants - Connecting Backend to Frontend

I’m trying to install dependencies on the boilerplate code given by Codecademy, but they don’t install due to critical vulnerabilities.
I can’t find a fix on Google.
I have tried to update the dependencies to the latest versions with no success.
The given solution code has the same issues.

Code here:
1. initial boilerplate for backend

{
  "name": "backend",
  "version": "0.0.0",
  "private": true,
  "scripts": {
    "start": "nodemon ./bin/www"
  },
  "dependencies": {
    "cookie-parser": "~1.4.4",
    "cors": "^2.8.5",
    "debug": "~2.6.9",
    "express": "~4.16.1",
    "morgan": "~1.9.1",
    "nodemon": "^2.0.13",
    "uuid": "^8.3.2"
  }
}

2. running npm install

npm install
(node:12516) [LRU_CACHE_OPTION_maxAge] DeprecationWarning: The maxAge option is deprecated. Please use options.ttl instead.
(Use node --trace-deprecation ... to show where the warning was created)
(node:6436) [LRU_CACHE_OPTION_maxAge] DeprecationWarning: The maxAge option is deprecated. Please use options.ttl instead.
(Use node --trace-deprecation ... to show where the warning was created)
up to date, audited 273 packages in 5s
25 packages are looking for funding
run npm fund for details
19 vulnerabilities (1 low, 9 moderate, 6 high, 3 critical)
To address issues that do not require attention, run:
npm audit fix
Some issues need review, and may require choosing
a different dependency.
Run npm audit for details.

3. running npm audit

npm audit
(node:6712) [LRU_CACHE_OPTION_maxAge] DeprecationWarning: The maxAge option is deprecated. Please use options.ttl instead.
(Use node --trace-deprecation ... to show where the warning was created)
(node:5688) [LRU_CACHE_OPTION_maxAge] DeprecationWarning: The maxAge option is deprecated. Please use options.ttl instead.
(Use node --trace-deprecation ... to show where the warning was created)
npm audit report
bl <1.2.3
Severity: moderate
Remote Memory Exposure in bl · CVE-2020-8244 · GitHub Advisory Database
fix available via npm audit fix
node_modules/bl
request 2.16.0 - 2.86.0
Depends on vulnerable versions of bl
Depends on vulnerable versions of hawk
Depends on vulnerable versions of qs
Depends on vulnerable versions of tough-cookie
Depends on vulnerable versions of tunnel-agent
node_modules/request
phantomjs >=1.9.20
Depends on vulnerable versions of extract-zip
Depends on vulnerable versions of request
node_modules/phantomjs
casperjs *
Severity: high
Improperly Controlled Modification of Dynamically-Determined Object Attributes in casperjs · CVE-2020-7679 · GitHub Advisory Database
No fix available
node_modules/casperjs
concat-stream 1.5.0 - 1.5.1
Severity: moderate
Memory Exposure in concat-stream · GHSA-g74r-ffvr-5q9f · GitHub Advisory Database
fix available via npm audit fix
node_modules/concat-stream
extract-zip <=1.6.7
Depends on vulnerable versions of concat-stream
Depends on vulnerable versions of debug
Depends on vulnerable versions of mkdirp
node_modules/extract-zip
phantomjs >=1.9.20
Depends on vulnerable versions of extract-zip
Depends on vulnerable versions of request
node_modules/phantomjs
cryptiles <=4.1.1
Severity: critical
Insufficient Entropy in cryptiles · CVE-2018-1000620 · GitHub Advisory Database
Depends on vulnerable versions of boom
fix available via npm audit fix
node_modules/cryptiles
hawk <=9.0.0
Depends on vulnerable versions of boom
Depends on vulnerable versions of cryptiles
Depends on vulnerable versions of hoek
Depends on vulnerable versions of sntp
node_modules/hawk
request 2.16.0 - 2.86.0
Depends on vulnerable versions of bl
Depends on vulnerable versions of hawk
Depends on vulnerable versions of qs
Depends on vulnerable versions of tough-cookie
Depends on vulnerable versions of tunnel-agent
node_modules/request
phantomjs >=1.9.20
Depends on vulnerable versions of extract-zip
Depends on vulnerable versions of request
node_modules/phantomjs
debug <2.6.9
Regular Expression Denial of Service in debug · CVE-2017-16137 · GitHub Advisory Database
fix available via npm audit fix
node_modules/extract-zip/node_modules/debug
extract-zip <=1.6.7
Depends on vulnerable versions of concat-stream
Depends on vulnerable versions of debug
Depends on vulnerable versions of mkdirp
node_modules/extract-zip
phantomjs >=1.9.20
Depends on vulnerable versions of extract-zip
Depends on vulnerable versions of request
node_modules/phantomjs
hawk <=9.0.0
Severity: critical
Uncontrolled Resource Consumption in Hawk · CVE-2022-29167 · GitHub Advisory Database
Depends on vulnerable versions of boom
Depends on vulnerable versions of cryptiles
Depends on vulnerable versions of hoek
Depends on vulnerable versions of sntp
fix available via npm audit fix
node_modules/hawk
request 2.16.0 - 2.86.0
Depends on vulnerable versions of bl
Depends on vulnerable versions of hawk
Depends on vulnerable versions of qs
Depends on vulnerable versions of tough-cookie
Depends on vulnerable versions of tunnel-agent
node_modules/request
phantomjs >=1.9.20
Depends on vulnerable versions of extract-zip
Depends on vulnerable versions of request
node_modules/phantomjs
hoek <4.2.1
Severity: moderate
Prototype Pollution in hoek · CVE-2018-3728 · GitHub Advisory Database
fix available via npm audit fix
node_modules/hoek
boom <=3.1.2
Depends on vulnerable versions of hoek
node_modules/boom
cryptiles <=4.1.1
Depends on vulnerable versions of boom
node_modules/cryptiles
hawk <=9.0.0
Depends on vulnerable versions of boom
Depends on vulnerable versions of cryptiles
Depends on vulnerable versions of hoek
Depends on vulnerable versions of sntp
node_modules/hawk
request 2.16.0 - 2.86.0
Depends on vulnerable versions of bl
Depends on vulnerable versions of hawk
Depends on vulnerable versions of qs
Depends on vulnerable versions of tough-cookie
Depends on vulnerable versions of tunnel-agent
node_modules/request
phantomjs >=1.9.20
Depends on vulnerable versions of extract-zip
Depends on vulnerable versions of request
node_modules/phantomjs
sntp 0.0.0 || 0.1.1 - 2.0.0
Depends on vulnerable versions of hoek
node_modules/sntp
lodash <=4.17.20
Severity: high
Prototype Pollution in lodash · CVE-2020-8203 · GitHub Advisory Database
Command Injection in lodash · CVE-2021-23337 · GitHub Advisory Database
No fix available
node_modules/lodash
oauth2-server <=3.1.1
Depends on vulnerable versions of lodash
node_modules/oauth2-server
minimist <=1.2.5
Severity: critical
Prototype Pollution in minimist · CVE-2021-44906 · GitHub Advisory Database
Prototype Pollution in minimist · CVE-2020-7598 · GitHub Advisory Database
fix available via npm audit fix
node_modules/minimist
mkdirp 0.4.1 - 0.5.1
Depends on vulnerable versions of minimist
node_modules/mkdirp
extract-zip <=1.6.7
Depends on vulnerable versions of concat-stream
Depends on vulnerable versions of debug
Depends on vulnerable versions of mkdirp
node_modules/extract-zip
phantomjs >=1.9.20
Depends on vulnerable versions of extract-zip
Depends on vulnerable versions of request
node_modules/phantomjs
oauth2-server <=3.1.1
Severity: high
Code Injection in oauth2-server · CVE-2017-18924 · GitHub Advisory Database
Depends on vulnerable versions of lodash
No fix available
node_modules/oauth2-server
qs <6.0.4
Severity: high
Prototype Pollution Protection Bypass in qs · CVE-2017-1000048 · GitHub Advisory Database
fix available via npm audit fix
node_modules/request/node_modules/qs
request 2.16.0 - 2.86.0
Depends on vulnerable versions of bl
Depends on vulnerable versions of hawk
Depends on vulnerable versions of qs
Depends on vulnerable versions of tough-cookie
Depends on vulnerable versions of tunnel-agent
node_modules/request
phantomjs >=1.9.20
Depends on vulnerable versions of extract-zip
Depends on vulnerable versions of request
node_modules/phantomjs
request 2.16.0 - 2.86.0
Severity: high
Remote Memory Exposure in request · CVE-2017-16026 · GitHub Advisory Database
Depends on vulnerable versions of bl
Depends on vulnerable versions of hawk
Depends on vulnerable versions of qs
Depends on vulnerable versions of tough-cookie
Depends on vulnerable versions of tunnel-agent
fix available via npm audit fix
node_modules/request
phantomjs >=1.9.20
Depends on vulnerable versions of extract-zip
Depends on vulnerable versions of request
node_modules/phantomjs
tough-cookie <=2.3.2
Severity: high
Regular Expression Denial of Service in tough-cookie · CVE-2017-15010 · GitHub Advisory Database
ReDoS via long string of semicolons in tough-cookie · CVE-2016-1000232 · GitHub Advisory Database
fix available via npm audit fix
node_modules/tough-cookie
request 2.16.0 - 2.86.0
Depends on vulnerable versions of bl
Depends on vulnerable versions of hawk
Depends on vulnerable versions of qs
Depends on vulnerable versions of tough-cookie
Depends on vulnerable versions of tunnel-agent
node_modules/request
phantomjs >=1.9.20
Depends on vulnerable versions of extract-zip
Depends on vulnerable versions of request
node_modules/phantomjs
tunnel-agent <0.6.0
Severity: moderate
Memory Exposure in tunnel-agent · GHSA-xc7v-wxcw-j472 · GitHub Advisory Database
fix available via npm audit fix
node_modules/tunnel-agent
request 2.16.0 - 2.86.0
Depends on vulnerable versions of bl
Depends on vulnerable versions of hawk
Depends on vulnerable versions of qs
Depends on vulnerable versions of tough-cookie
Depends on vulnerable versions of tunnel-agent
node_modules/request
phantomjs >=1.9.20
Depends on vulnerable versions of extract-zip
Depends on vulnerable versions of request
node_modules/phantomjs
19 vulnerabilities (1 low, 9 moderate, 6 high, 3 critical)
To address issues that do not require attention, run:
npm audit fix
Some issues need review, and may require choosing
a different dependency.
