https://community.esri.com/t5/arcgis-experience-builder-questions/npm-audit-and-vulnerabilities/m-p/1701187#M23281 <P>Hi</P><P>Following the installation guide for Experience Builder Developer Edition, after a fresh <FONT color="#808080"><FONT color="#999999">npm ci</FONT> <FONT color="#000000">it's common to come across audit warnings (sometimes including high/critical ones).</FONT></FONT></P><P><FONT color="#808080"><FONT color="#000000">What's the "recommended approach" in practice: leave the shipped dependency tree as-is&nbsp; or run an <FONT color="#999999">npm audit fix</FONT> / selective override on top of it ?</FONT></FONT></P><P>Would be interesting to hear how others using ExB Dev handle this in real-world setups.</P><P><FONT color="#808080"><FONT color="#000000">Thanks!</FONT></FONT></P> Mon, 11 May 2026 14:37:09 GMT AndreasEugster 2026-05-11T14:37:09Z https://community.esri.com/t5/arcgis-experience-builder-questions/npm-audit-and-vulnerabilities/m-p/1701187#M23281 <P>Hi</P><P>Following the installation guide for Experience Builder Developer Edition, after a fresh <FONT color="#808080"><FONT color="#999999">npm ci</FONT> <FONT color="#000000">it's common to come across audit warnings (sometimes including high/critical ones).</FONT></FONT></P><P><FONT color="#808080"><FONT color="#000000">What's the "recommended approach" in practice: leave the shipped dependency tree as-is&nbsp; or run an <FONT color="#999999">npm audit fix</FONT> / selective override on top of it ?</FONT></FONT></P><P>Would be interesting to hear how others using ExB Dev handle this in real-world setups.</P><P><FONT color="#808080"><FONT color="#000000">Thanks!</FONT></FONT></P> Mon, 11 May 2026 14:37:09 GMT https://community.esri.com/t5/arcgis-experience-builder-questions/npm-audit-and-vulnerabilities/m-p/1701187#M23281 AndreasEugster 2026-05-11T14:37:09Z