Title: @wordpress/scripts vulnerability
Last modified: July 19, 2024

---

# @wordpress/scripts vulnerability

 *  Resolved [KJ Roelke](https://wordpress.org/support/users/kjroelke/)
 * (@kjroelke)
 * [1 year, 10 months ago](https://wordpress.org/support/topic/wordpress-scripts-vulnerability/)
 * Hi!
 * This is a continuation of a [previous support topic](https://wordpress.org/support/topic/wordpress-scripts-and-vulnerability-warnings/)
   because it has been marked “Closed to replies” but the issue still persists.
 * I’ve been running `@wordpress/scripts` v27.9.0 for a while (had to wait until
   WP 6.6 was released to update because of the missing `jsx-runtime-react` dependency).
   At that version, terminal responds with “5 high severity issues” that appear
   to be stemming from `ws`, `puppeteer-core`, `lighthouse`, and `@wordpress/e2e-test-utils-playwright`
   peer dependencies. I had hoped/assumed this would be fixed
   in `@wordpress/scripts` v28, but it has not.
 * What I’ve tried:
    - Running `npm audit fix --force` downgrades `@wordpress/scripts` to v19.2.4,
      unsurprisingly causing 47 vulnerabilities.
    - Upgrading to 28.0, .1, and .2 individually did not resolve the issues.
 * I’m happy to break apart the package and do things myself, but I’m not familiar
   enough with webpack, prettier and eslint to recreate the core of what my team
   needs (start/build commands that “just work” and config files).

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Moderator [threadi](https://wordpress.org/support/users/threadi/)
 * (@threadi)
 * [1 year, 10 months ago](https://wordpress.org/support/topic/wordpress-scripts-vulnerability/#post-17901611)
 * I would recommend you contact the Gutenberg team here with your request: [https://github.com/WordPress/gutenberg/issues](https://github.com/WordPress/gutenberg/issues)
 * If you consider the problem to be security-critical, please go here: [https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/](https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/)
 *  Thread Starter [KJ Roelke](https://wordpress.org/support/users/kjroelke/)
 * (@kjroelke)
 * [1 year, 10 months ago](https://wordpress.org/support/topic/wordpress-scripts-vulnerability/#post-17903102)
 * Thanks! [I’ve submitted an issue here.](https://github.com/WordPress/gutenberg/issues/63771)
 * I’m not familiar enough with the packages or `@wordpress/e2e-tests-utils-playwright`
   to say if it’s security critical, but for new(ish) devs, it’s not
   awesome having these errors thrown in your command line (or being notified via
   GitHub Dependabot).
 * For now, the only workaround I’ve found is to use the `overrides` parameter in
   the package.json file as so:
 *     ```json
       "overrides": {
         "ws": "^8.18.0",
         "lighthouse": "^12.1.0",
         "puppeteer-core": "^22.13.1"
       }
       ```
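
A check that the `overrides` workaround above actually took effect, as an added example that is not part of the original thread: it scans the `packages` map of a lockfile (lockfileVersion 2 or 3) for any installed copy of an overridden package, nested copies included, that falls outside the override range. The function names and the sample lockfile are constructed for illustration, and only `^x.y.z` and exact ranges are handled.

```javascript
// Constructed sample data; helper names are illustrative, not from npm or the thread.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Handles only "^x.y.z" (x > 0) and exact "x.y.z", the forms used in the overrides above.
function satisfies(version, range) {
  const caret = range.startsWith("^");
  const want = parseVersion(caret ? range.slice(1) : range);
  const have = parseVersion(version);
  if (!caret) return compare(have, want) === 0;
  return have[0] === want[0] && compare(have, want) >= 0;
}

// Every installed copy, nested ones included, whose version ignores an override.
function findOverrideViolations(pkg, lock) {
  const overrides = pkg.overrides || {};
  const violations = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1 || !entry.version) continue; // root entry or linked package
    const name = path.slice(idx + "node_modules/".length);
    const range = overrides[name];
    if (typeof range === "string" && !satisfies(entry.version, range)) {
      violations.push({ path, version: entry.version, required: range });
    }
  }
  return violations;
}

const samplePkg = {
  overrides: { ws: "^8.18.0", lighthouse: "^12.1.0", "puppeteer-core": "^22.13.1" },
};
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "constructed-theme" },
  "node_modules/ws": { version: "8.18.0" },
  "node_modules/lighthouse": { version: "12.1.0" },
  "node_modules/puppeteer-core": { version: "22.13.1" },
  "node_modules/puppeteer-core/node_modules/ws": { version: "8.5.0" }, // stale nested copy
} };

console.log(findOverrideViolations(samplePkg, sampleLock));
```

Against a real project, pass the parsed `package.json` and `package-lock.json`; a non-empty result means the installed tree still contains a copy that the override did not reach.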
   
 *  [ingenieroleon](https://wordpress.org/support/users/ingenieroleon/)
 * (@ingenieroleon)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/wordpress-scripts-vulnerability/#post-18121530)
 * KJ you are the best, the workaround is working like a charm.


The topic ‘@wordpress/scripts vulnerability’ is closed to new replies.

## Tags

 * [node](https://wordpress.org/support/topic-tag/node/)

 * In: [Developing with WordPress](https://wordpress.org/support/forum/wp-advanced/)
 * 4 replies
 * 3 participants
 * Last reply from: [ingenieroleon](https://wordpress.org/support/users/ingenieroleon/)
 * Last activity: [1 year, 6 months ago](https://wordpress.org/support/topic/wordpress-scripts-vulnerability/#post-18121530)
 * Status: resolved

