
react-scripts and npm audit

Running the npx script create-react-app installs the react-scripts module when it does its work, but the various scripts therein often have one or more vulnerabilities in them, according to npm audit. This is a bit distracting, because you would normally never want to see any warnings or errors from an audit, especially when you haven’t even written any code.

People regularly report these problems to the create-react-app developers, but it turns out to be unnecessary in most cases. The developers close most of the reports, with the following explanation.

The npm audit tool runs over all of the npm modules that you have installed, but it really only needs to be run against the code that would run in production. It's not really a denial-of-service vulnerability, for example, if a module only executes when you occasionally run it during development on your machine. The react-scripts package is just such a module of scripts, and it should be excluded from both production dependencies and production audits.

For the first, in your package.json file, move react-scripts from the dependencies section to a new section called devDependencies:

"devDependencies" : {
    "react-scripts" : "4.0.3"
}

Then, when you run your audit, specify the --production option:

npm audit --production

Hopefully, if you’re running a modern version of the modules, your audit should be clean after these changes.
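Why the move to devDependencies changes the audit result, as an added example (not code from create-react-app or npm): the lockfile marks development-only packages with a dev flag, and a production audit leaves those out. The field names follow the npm 7+ package-lock.json and `npm audit --json` layouts; the example-* packages, their versions and severities are constructed, and sampleLock, splitFindings and exitCode are hypothetical helpers.

```javascript
// Added example. Field names (packages, dev, vulnerabilities, nodes) follow the
// npm 7+ lockfile and `npm audit --json` layouts; the example-* packages,
// their versions and their severities are constructed.

// Build a constructed package-lock "packages" map. When react-scripts is a
// devDependency, npm flags it and its build-only subtree with dev: true.
function sampleLock(reactScriptsIsDev) {
  const flag = reactScriptsIsDev ? { dev: true } : {};
  return {
    packages: {
      "node_modules/react-scripts": { version: "4.0.3", ...flag },
      "node_modules/example-build-helper": { version: "1.0.0", ...flag },
      "node_modules/example-runtime-lib": { version: "2.1.0" },
    },
  };
}

// Constructed report in the shape of `npm audit --json`.
const auditReport = {
  vulnerabilities: {
    "example-build-helper": { severity: "high", nodes: ["node_modules/example-build-helper"] },
    "example-runtime-lib": { severity: "moderate", nodes: ["node_modules/example-runtime-lib"] },
  },
};

// A finding is dev-only when every installed copy carries dev: true.
// Unknown paths and empty node lists count as production (fail closed).
function splitFindings(lock, report) {
  const out = { production: [], devOnly: [] };
  for (const [name, vuln] of Object.entries(report.vulnerabilities)) {
    const nodes = vuln.nodes || [];
    const devOnly = nodes.length > 0 &&
      nodes.every((p) => (lock.packages[p] || {}).dev === true);
    (devOnly ? out.devOnly : out.production).push(`${name} (${vuln.severity})`);
  }
  return out;
}

// CI gate: only findings that reach production should fail the build.
function exitCode(split) {
  return split.production.length > 0 ? 1 : 0;
}

const before = splitFindings(sampleLock(false), auditReport);
const after = splitFindings(sampleLock(true), auditReport);
console.log("react-scripts in dependencies:   ", before);
console.log("react-scripts in devDependencies:", after);
```

npm 8 and later spell the same filter `npm audit --omit=dev` and mark `--production` as deprecated.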

Windows Pointer Schemes

As increasing numbers of applications provide the dark mode color scheme that I prefer, I have sometimes found that the standard black pointer caret can become nearly invisible against a dark background. I’ve gone crazy looking for color overrides in those applications with no success, but I recently found a mention somewhere about changing the pointer scheme in Windows to use icons that are more compatible with dark colors.

For every Windows box I have ever used, I have used the default mouse pointer and caret options. It never even occurred to me that there might be other icon sets, called schemes, that you could use instead.

Sure enough, if you open the Mouse Properties dialog in Windows, and select the Pointers tab, you will see a bunch of alternative pointer schemes. Some of these, notably the Windows Black variants, work really well on dark backgrounds. They do this by surrounding the black pointers and carets with an outline of white. When you are over a standard white background, you simply see the black cursor. But, over a dark background, the white clearly stands out. My problem has been solved!