ENOLOCK npm ERR! Error while running npm audit fix

I am trying to install GLOBALLY a package with npm from my home directory. After the install has completed, it indicates vulnerabilities. Upon trying to run npm audit fix, I obtain the following error.

npm ERR! code ENOLOCK npm ERR! audit This command requires an existing
lockfile. npm ERR! audit Try creating one first with: npm i
–package-lock-only npm ERR! audit Original error: loadVirtual requires existing shrinkwrap file

I understand that the error asks me to run npm i --package-lock-only, but in which directory should I be creating this file? Running the command without specifying a path does not work. I have also tried to create the file in the directory where the package was installed, but that has also not solved the issue. Also, why isn’t this file present to start with?

Thank you J.

Answer

npm audit fix is intended to fix vulnerabilities with the dependencies of your own project. Projects do have a package-lock.json file.

It is not intended for globally installed packages. If there are vulnerabilities with packages from others, they need to be fixed by the package maintainer in a new release. You can then update to this new release.

BTW, you should not use globally installed packages. Use npx instead.