
[Solved] postcss 7.0.0 – 8.2.9 Severity: moderate Regular Expression Denial of Service

Hello guys, how are you all? Hope you are all fine. When creating a new project with create-react-app, you get warnings straight away about a vulnerability in ReactJs projects: postcss 7.0.0 - 8.2.9, Severity: moderate, Regular Expression Denial of Service. Here I explain all the possible solutions.

Without wasting your time, let's start this article to solve this error.

How Does the postcss 7.0.0 – 8.2.9 Severity: moderate Regular Expression Denial of Service Error Occur?

When creating a new project with create-react-app, you get warnings straight away regarding a vulnerability found in postcss.

My problem here is I can no longer run builds as they fail due to the vulnerability. The issue has been patched in postcss v8.2.10, but it's still present when creating new projects as react-scripts hasn't upgraded the dependency yet. This warning was found in my stack trace.

postcss 7.0.0 – 8.2.9 Severity: moderate Regular Expression Denial of Service

How To Solve the postcss 7.0.0 – 8.2.9 Severity: moderate Regular Expression Denial of Service Error?

Question: How To Solve the postcss 7.0.0 – 8.2.9 Severity: moderate Regular Expression Denial of Service Error?
Answer: You may have to use the npm-force-resolutions package to solve this error. For the resolutions you wrote in package.json to take effect, force them by adding this script to package.json: "scripts": { "preinstall": "npx npm-force-resolutions" }. After that, run npm install and it should overwrite all nested dependencies.

Solution 1

You may have to use the npm-force-resolutions package to solve this error.

For the resolutions you wrote in package.json to take effect, force them by adding this script to package.json:

"scripts": {
  "preinstall": "npx npm-force-resolutions"
}

After that, run npm install and it should overwrite all nested dependencies.

Solution 2

By deleting node_modules and package-lock.json and following your suggestion, I managed to get it working with no vulnerabilities. The only problem with forcing this resolution is that you get an error when running npm audit fix due to the package tree being invalid.

I guess we'll have to wait for the patch, but at least this works temporarily. Alternatively, you can use yarn, which works with the resolutions in package.json.

Solution 3

postcss versions from 7.0.0 up to, but not including, 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

Upgrade to version 8.2.10 or later.
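
To confirm that no nested copy of postcss in the affected range is left after applying one of the solutions, you can scan the lockfile. This is an added example, not code from the original post or from postcss/npm; the function names and the sample lockfile are made up for illustration.

```javascript
// Added example: list postcss copies in a parsed package-lock.json whose version is >= 7.0.0 and < 8.2.10.
// "8.2.9" -> [8, 2, 9]; prerelease/build suffixes are ignored (assumption).
function parseVersion(v) {
  return v.split(/[-+]/)[0].split('.').map((n) => parseInt(n, 10) || 0);
}

function compare(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const d = (x[i] || 0) - (y[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function isVulnerable(version) {
  return compare(version, '7.0.0') >= 0 && compare(version, '8.2.10') < 0;
}

// Handles lockfileVersion 2/3 ("packages" keyed by install path) and
// lockfileVersion 1 (nested "dependencies" tree).
function findVulnerablePostcss(lock) {
  const hits = [];
  const check = (path, meta) => {
    if (meta && meta.version && isVulnerable(meta.version)) hits.push({ path, version: meta.version });
  };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/postcss$/.test(path)) check(path, meta);
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + 'node_modules/' + name;
      if (name === 'postcss') check(path, meta);
      walk(meta.dependencies, path + '/');
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile; "example-loader"/"example-parser" are hypothetical.
const sampleLock = {
  packages: {
    'node_modules/postcss': { version: '8.2.10' },
    'node_modules/example-loader/node_modules/postcss': { version: '7.0.21' },
    'node_modules/example-parser/node_modules/postcss': { version: '8.2.9' },
  },
};
console.log(findVulnerablePostcss(sampleLock));
```

For a real project, pass it the parsed contents of package-lock.json; an empty result means every installed copy of postcss is outside the affected range.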

Summary

That's all about this issue. Hope these solutions helped you a lot. Comment below with your thoughts and your queries. Also, comment below which solution worked for you.