'With nestjs / node / npm project how to override a transitive dependency

I have a nestjs / node / npm project and trying to override a transitive dependency due to security vulnerability.

The project that seems to include it is:

"@nestjs/common": "7.6.18",

And that project includes axios 0.21.1, I want to upgrade to axios 0.21.2

In my package.json I tried using the overrides feature with the following.

},
"overrides": {
    "axios": "0.21.2"
},
"jest": {

But then I get this entry when I run npm list.

npm list --depth=4 

│ ├─┬ [email protected] invalid: "0.21.2" from node_modules/@nestjs/common

And only seems to include axios 0.21.2.

How do I upgrade a transitive dependency?

I am mostly using the nest wrappers:

nest build, etc

npm --version - 8.3.1

node --version - v17.4.0

node.jstypescriptnpmnestjs


Solution 1:[1]

You can try resolutions in npm -

{
  "resolutions": {
    "axios": "0.21.2"
  }
}

And then force to install it using preinstall.

"scripts": {
  "preinstall": "npx npm-force-resolutions"
}

https://www.npmjs.com/package/npm-force-resolutions

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 RobC

Related Questions