Velvet Star Monitor


Uncontrolled Resource Consumption in ansi-html

Writer Matthew Harrington

I am getting a High vulnerability in my Angular project: 'Uncontrolled Resource Consumption in ansi-html'.

I have got a few more High vulnerabilities of this type, but those were fixed by adding a 'resolutions' section to the package.json file and adding "preinstall": "npx npm-force-resolutions" under the scripts section. The vulnerabilities I fixed that way were listed as patched in a version, like 'Patched in │ >=4.0.1'. But this one came with 'No patch available'. So I am a bit confused about how to fix this. Does anyone have an idea how to fix this? Thanks

3 Answers

If you aren't using ansi-html directly but rely on dependencies that use it, you should instead set up a resolutions section in package.json. (You should never edit package-lock.json directly since it is regenerated every time you run npm install). You just need to provide a link to the tarball where you would normally specify the overriding version number. Your resolutions section of package.json should look like this:

"resolutions": {
  "ansi-html": ""
}

Please refer to this post for more details:

How to override a nested npm sub-dependency with a different package altogether (not just different package version number)?

Uncontrolled Resource Consumption in ansi-html (CVE-2021-23424) is a vulnerability that won’t be fixed by the project’s author, since it’s been abandoned and there won’t be a patched version of ansi-html.

You just have to go to package-lock.json and find the line with:

"ansi-html": {
  "version": "0.0.7",
  "resolved": "",
  "integrity": "sha1-gTWEAhliqenm/QOflA0S9WynhZ4="

And replace with this:

"ansi-html-community": {
  "version": "0.0.8",
  "resolved": "",
  "integrity": "sha512-1APHAyr3+PCamwNw3bXCPp4HFLONZt/yIH0sZp0/469KWNTEy+qN5jQ3GVX6DMZ1UXAi34yVwtTeaG/HpBuuzw=="

And this line in the same file:

"dependencies": {
  "ansi-html": "^0.0.7",

Replace with:

"dependencies": {
  "ansi-html-community": "^0.0.8",

Then just type npm update and that's it.

You can get more info in this link.

And check the entire commit here.

1

Updating your Angular to the latest version (Angular 13 is the latest version for now) will solve your problem! Cheers!

2
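Whichever of the approaches above is used, the result can be verified by checking the lockfile for leftover copies of ansi-html and for packages that still request it. The following is an added example, not code from the original question or answers; `auditLock`, the two sample lockfiles and the dependent `example-dev-server` are constructed for illustration.

```javascript
// Added example: report where a package is installed in a parsed
// package-lock.json and which locked packages still request it.
function auditLock(lock, name) {
  const installed = [];
  const requiredBy = [];

  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
        installed.push({ path, version: meta.version });
      }
      if (meta.dependencies && name in meta.dependencies) {
        requiredBy.push({ path: path || '(root)', range: meta.dependencies[name] });
      }
    }
    return { installed, requiredBy };
  }

  // lockfileVersion 1: nested "dependencies" tree; "requires" holds the ranges.
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = [...trail, dep].join(' > ');
      if (dep === name) installed.push({ path, version: meta.version });
      if (meta.requires && name in meta.requires) {
        requiredBy.push({ path, range: meta.requires[name] });
      }
      walk(meta.dependencies, [...trail, dep]);
    }
  };
  walk(lock.dependencies, []);
  return { installed, requiredBy };
}

// Constructed sample lockfiles (not taken from a real project).
const beforeLock = { lockfileVersion: 1, dependencies: {
  'example-dev-server': { version: '1.0.0', requires: { 'ansi-html': '^0.0.7' } },
  'ansi-html': { version: '0.0.7' },
} };
const afterLock = { lockfileVersion: 1, dependencies: {
  'example-dev-server': { version: '1.0.0', requires: { 'ansi-html-community': '^0.0.8' } },
  'ansi-html-community': { version: '0.0.8' },
} };

console.log('before:', JSON.stringify(auditLock(beforeLock, 'ansi-html')));
console.log('after: ', JSON.stringify(auditLock(afterLock, 'ansi-html')));
```

Against a real project, pass the parsed contents of package-lock.json as `lock`; an empty `installed` and `requiredBy` means no copy of ansi-html remains in the locked tree.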
