I created a new project via
vue create <project-name>
and I get this warning:
74 vulnerabilities (2 low, 59 moderate, 13 high)
To address issues that do not require attention, run: npm audit fix
To address all issues (including breaking changes), run: npm audit fix --force
I ran
npm audit fix
and npm audit fix --force
and it makes no difference.
I am new to web development, is it normal to have this many vulnerabilities?
Welcome to the world of JavaScript. This is legit and is mainly coming from the fact that the ecosystem is moving quickly.
Also, not all dependencies can always be upgraded to the latest (safest ones) if there are breaking changes (meaning that you need specific packages to be within a specific range to be used together).
Now, is it something that you need to worry about? Probably not since even the "high" vulnerabilities are not that critical (usually) and very specific cases. You could check the details but usually, you don't need to worry about it.
Also, the world of IT (and per-se the Web), is some huge cheese with a lot of holes. Don't bother trying to fix those and enjoy your development journey. Especially since your server or even human factor is still the weakest link anyway.