Upgrading .net core angular template project

A quick way to start with angular and .net core is to run “dotnet new angular” command and you will have a fully functional angular frontend with asp.net core backend hooked up to it.

One issue with the template, however, is that it uses older web modules with vulnerabilities designated as high or critical. You should avoid hosting/running code with vulnerabilities and it’s something that you should fix. Not to mention the emails and warning badges on github that will popup if that’s where you are hosting the project.

A recommendation you see in the command line for fixing the issues is to run “npm audit fix”. I am not an npm expert, but something about the .net core’s template causes the resulting project to fail while building with esoteric errors that lead to nothing more than a bunch of yak shaving exercises.

The easiest way I found to fix the vulnerabilities is to do create a fresh angular project in a separate directory, copy over the package.json and then do the install. Basically this:

1. Create a new angular project in a separate directory that has the latest modules in use and thus no known vulnerabilities.
2. In your .net core project, ClientApp directory, blow out node_modules, remove package-lock.json
3. Replace package.json contents with the contents from the new application.
4. Run npm install in your existing app (or dotnet run)

Don’t forget to re-install the additional modules you might have added that don’t usually come with the template project.