#MedusaJS Starter Default relies on a vulnerable version of Vite along with Lodash.

2 messages · Page 1 of 1 (latest)

runic moon Nov 30, 2025, 5:39 AM

I am following the Starter Default tutorial and I have noticed that when I run “npm audit” I find that Medusa uses vulnerable versions of Vite (due to Esbuild) and Lodash.

How can this be resolved?

torpid vale Nov 30, 2025, 10:37 AM

Upgrade it in package?