Skip to content

@microsoft/sp-build-web version 1.22.1 has vulnerable dependency #10613

New issue
New issue
Closed
Closed
@microsoft/sp-build-web version 1.22.1 has vulnerable dependency#10613
Labels
type:bug-suspectedSuspected bug (not working as designed/expected). See “type:bug-confirmed” for confirmed bugs.
@qfai

Description

@qfai
qfai
opened on Jan 28, 2026

Target SharePoint environment

other (enter in the "Additional environment details" area below)

What SharePoint development model, framework, SDK or API is this about?

💥 SharePoint Framework

Developer environment

Windows

What browser(s) / client(s) have you tested

  • 💥 Internet Explorer
  • 💥 Microsoft Edge
  • 💥 Google Chrome
  • 💥 FireFox
  • 💥 Safari
  • mobile (iOS/iPadOS)
  • mobile (Android)
  • not applicable
  • other (enter in the "Additional environment details" area below)

Additional environment details

  • SPFx version
    1.22.1
  • Node.js version
    22.22.0

Describe the bug / error

I create a project using microsoft/sp-build-web node package 1.22.1(latest) and use npm audit, it shows it has vulnerability

Steps to reproduce

  1. create a node project
    2.reference microsoft/sp-build-web package in package.json
  2. npm install
  3. npm audit

Expected behavior

expect no vulnerability when npm audit

Metadata

Metadata

Assignees

No one assigned

    Labels

    type:bug-suspectedSuspected bug (not working as designed/expected). See “type:bug-confirmed” for confirmed bugs.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions