Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hello Everyone,
I am fairly new to the world of NPM and have not come across this before and am wondering what I do and how to fix it.
I just installed a brand new laravel using laravel new galaxy and then straight away went and installed tailwindcss which i want to use for this project.
I am getting NPM vulnerability issues though and don't know what i should do to fix them? Or do I wait for an update to tailwind?
➜ galaxy npm install tailwindcss
+ [email protected]
updated 1 package and audited 17633 packages in 8.407s
found 4 high severity vulnerabilities
run `npm audit fix` to fix them, or `npm audit` for details
➜ galaxy npm audit fix
up to date in 5.716s
fixed 0 of 4 vulnerabilities in 17633 scanned packages
4 vulnerabilities required manual review and could not be updated
These are all to do with Prototype Pollution and lodash
These are probably just vulnerabilities in your current node_modules folder that were detected when adding Tailwind, not vulnerabilities coming from Tailwind itself. Tailwind itself right now has no dependencies with vulnerabilities according to our security alerts on GitHub.
Try updating all of your own dependencies to see if the problem goes away.
Thanks for replying @adamwathan i just updated lodash manually and all good now
Please or to participate in this conversation.