Skip to content
- Courses
- DSA to Development
- Newly Launched!
- For Working Professionals
- For Students
- GATE Exam Courses
- All Courses
- Tutorials
- Data Structures & Algorithms
- DSA for Beginners
- Data Structures
- Algorithms
- Complete DSA Tutorial
- Competitive Programming
- Company Wise SDE Sheets
- DSA Cheat Sheets
- Top 100 DSA Interview Questions Topic-wise
- 100 Days of Code
- Python
- ML & Data Science
- Machine Learning
- Data Science Tutorial
- Data Science Packages
- Data Visualization
- Data Analysis
- Deep Learning
- NLP Tutorial
- OpenCV Tutorial
- Interview Questions
- System Design
- Interview Corner
- Languages
- Web Development
- HTML
- CSS
- JavaScript
- TypeScript
- ReactJS
- Node.js
- PHP
- AngularJS
- jQuery
- Web Development Using Python
- Web Design
- 100 Days of Web Development
- CS Subjects
- DevOps And Linux
- School Learning
- GATE
- GeeksforGeeks Videos
- Data Structures & Algorithms
- Jobs
- Practice
- All DSA Problems
- Problem of the Day
- Company Wise Coding Practice
- GfG SDE Sheet
- Practice Problems Difficulty Wise
- Language Wise Coding Practice
- Curated DSA Lists
- Contests
-
- Full Stack Course
- NodeJS Tutorial
- NodeJS Exercises
- NodeJS Assert
- NodeJS Buffer
- NodeJS Console
- NodeJS Crypto
- NodeJS DNS
- NodeJS File System
- NodeJS Globals
- NodeJS HTTP
- NodeJS HTTP2
- NodeJS OS
- NodeJS Path
- NodeJS Process
- NodeJS Query String
- NodeJS Stream
- NodeJS String Decoder
- NodeJS Timers
- NodeJS URL
- NodeJS Interview Questions
- NodeJS Questions
- Web Technology
Last Updated : 05 Apr, 2024
Summarize
Comments
Improve
Node Package Manager(npm) is a package manager provided by NodeJS which is a JavaScript runtime environment. Using npm you can add packages to your project. When you install any package you get the count of security vulnerabilities, this vulnerabilities are exposed weaknesses that can be a security threat by attackers.
We will discuss How to Fix Security Vulnerabilities with NPM:
Table of Content
- Getting an audit
- Inspecting and fixing the vulnerabilities
- Common Types of Issues
- Best Practices for Management
- Automated Tools for Detection
- Updating and Patching
- Access Controls
- Monitoring Advisories
Getting an audit
Use the npm audit command in your project directory. This will scan your project’s dependencies for possible security vulnerabilities.
Example: To get a report of vulnerabilities run the npm audit command and you will get the results as follows:
npm audit command result
Inspecting and fixing the vulnerabilities
To fix the problems you can use the following methods:
- Automatic update: Use
npm audit fix
to automatically update vulnerable dependencies to patched versions.Be cautiousas this might cause compatibility issues due to breaking changes in newer versions. - Manual update: Review the report and update specific dependencies. You can update to minor or patch versions to potentially address only the vulnerabilities and minimizing possible breaking changes.
- Use
npm update <package-name>
command to update to the latest version of the package. - Use npm install <package-name>@<version-number> command to replace that particular package to the specified version.
- Use
- Manual fix: For complex vulnerabilities or those requiring code changes, you might need to dive deeper. Check the vulnerable packages’ repository for existing fixes or raise an issue if one doesn’t exist.
Example: To fix the vulnerabilities using automatic update run the npm audit fix command and you will get results as follows:
See AlsoA Note on Permissions | Introductionnpm start Not Working? Here is What You Need to DoWhy you need npm audit | Packagecloud BlogNPM Security - OWASP Cheat Sheet Seriesnpm audit fix command result
Common Types of Issues
The various common security issues are:
- Denial of Service (DoS): A vulnerable package can be used to crash your site or consume excessive resources which leads to users unable to use your services.
- Malicious Prototype: If a package is open sourced attackers can make changes into a trusted package’s prototype to inject malicious code.
- Cross-Site Scripting (XSS): Sometimes vulnerable using package can allow attacker to run malicious script into trusted sites in intention to stealing of user data.
- Similar Packages: The attackers can publish malicious packages with names similar to original ones thus tricking the developers into installing them and resulting in addition of malicious code or some kind of backdoor into there code.
Best Practices for Management
Some practices that should be followed to manage security vulnerabilities are:
- Have frequent Audits: You can use npm audit command to frequently scan your project for packages with vulnerabilities. This will ensure your project have no vulnerabilities and if it’s there then follow the above steps to fix it.
- Check before Updating: You should always check the update notes referred in the audit before updating because updating carelessly can have breaking changes for your project.
- Documentation: Always document the version of packages before and after changes and if possible copy the package.json file before every change to ensure that you always have a backup of working dependencies information.
- Testing for Changes: You must test for the expected behaviors in the parts of your project where the dependencies that you updated is used. After update testing makes sure there is no breaking changes in your project.
The various automated tools for detection and fixing of security vulnerabilities are:
- Snyk: The tool offers free and paid plans to scan for vulnerabilities and automate patching in your code, open-source dependencies, and containers.
- WhiteSource Bolt: It runs on GitHub and on Azure DevOps, scanning your projects and provide real-time vulnerability detection and find security issues in your project or dependencies.
- JFrog: It provides end to end solution for your npm packages management and deployment but it also does vulnerability analysis which allows to check for possible vulnerabilities.
Updating and Patching
The ways for updating the packages for patching the security vulnerabilities are:
- Using the audit fix: You can use the npm audit fix command to automatically update all vulnerable packages to the fixed version but use it if all fully confident about the changes because updating packages can lead to breaking changes.
- Using npm update: You can update all the dependencies of your project to the latest version using the npm update command but be careful as it may bring breaking changes. If you want to update individual package just add the package name in the end of the command i.e npm update <package_name>.
Access Controls
You can also add access controls to control who can install, publish, and modify npm packages. Some ways to implement access controls are:
- Restrictions: You can add restriction in user account management on your development machines or package managers such that only selected members who have permission can use npm install, npm publish, or other npm commands.
- Multi-Factor Authentication (MFA): You can add MFA to you npm account to add extra layers of security by requiring a other verification factor along with username and password.
- Private Packages: You can create private packages for personal, team or for a whole organization and these packages can be used by developers who are having read/write access.
- Permission Management Tools: You can also permission management tools such as Verdaccio. These tools allows users or organization to control access to to private NPM packages through configuration files.
Monitoring Advisories
Mostly package managers finds possible security vulnerabilities in their packages and fixes it in a newer version and also notify it, so to monitor this announcements you can follow the respective methods:
- Subscribe to security advisories: You can subscribe for security advisories from npm itself or other security providers like Snyk or WhiteSource. They provide notification or have web pages to keep you informed about possible vulnerabilities of packages.
- Automate Vulnerability Scanning: You can integrate automated vulnerability scanning tools like Jfrog into your CI/CD pipeline. This makes sure your project vulnerabilities are identified as early as possible.
- Personally view the advisories: You can personally check regular reviews of security advisories to identify and check for package vulnerabilities and fixing them thus only focusing on the packages you are using.
Please Login to comment...
Similar Reads
Difference between npm i and npm ci in Node.js
The following difference covers how npm i and npm ci command are different from each other and their functioning. The npm which is called a node package manager which is used for managing modules needed for our application. npm i: The npm i (or npm install) is used to install all dependencies or devDependencies from a package.json file. Syntax: npm
2 min read
Difference between npm install and npm update in Node.js
NPM is like a powerhouse for Node.js that contains all the necessary modules for the smooth running of the node.js application. It gets installed on our machine when we install Node.js on our Windows, Linux or MAC OS. How to install Node on the machine? Refer to this article. NPM has 580096 registered packages. The average rate of growth of this nu
5 min read
How to solve npm error npm ERR! code ELIFECYCLE ?
In order to solve the "npm ERR! code ELIFECYCLE " error which is a very common type of error that occurs during npm operation on our command prompt or terminal such as installing npm or an npm package, follow the steps given below : Terminal output of the error : Follow below steps to fix the error : Step 1 : In our first step we will try cleaning
2 min read
How to Get a List of Globally Installed NPM Packages in npm ?
Learning how to retrieve a list of globally installed NPM packages is essential for developers managing their Node.js environment. Utilizing npm, the Node Package Manager, enables users to efficiently manage packages across projects. This article will guide you through getting access to global NPM packages, which will further help you to enhance yo
2 min read
Axios npm - How to Install Axios npm in Terminal?
Axios is a popular JavaScript library for making HTTP requests in web applications. It simplifies the process of sending asynchronous requests and handling responses. It is commonly used with Node.js and in browser-based projects and can be installed via NPM (Node Package Manager). In this article, we will explore the step-by-step process of instal
2 min read
npm cache clean - How to Clear the Cache in NPM ?
Clearing the cache in NPM (Node Package Manager) is very important. It helps to resolve various issues and ensures smooth functioning of the Node.js projects. The NPM cache stores downloaded packages and their metadata, which can sometimes become corrupted or outdated, leading to installation problems, dependency conflicts, or other issues. Table o
5 min read
Remove NPM - npm uninstall
To remove npm (Node Package Manager) from your macOS system, you can't use npm uninstall since npm itself doesn't support uninstalling itself. Instead, you need to remove it manually along with Node.js. Table of Content What is NPM?What is NPM remove?Installing a package using npmUninstalling a Package using npmRemove npmRemove a Dev DependencyWhat
2 min read
How to Fix npm path in Windows 8 and 10 ?
Node Package Manager (npm) is a package manager for managing dependencies and packages in Node.js projects. However, users often encounter issues with npm commands not being recognized in Windows 8 and 10 due to path configuration problems. In this article, we'll discuss the following approaches to fix the npm path issue. Table of Content NodeJS no
2 min read
How to Fix "npm ERR! code ENOENT" Error?
You will see the error message “npm ERR! code ENOENT syscall open” if you try to run an npm command outside your project root folder. To resolve this error, first, make sure you are in your project’s root directory before running the command or generating a new package.json file in that directory. npm error code ENOENTnpm error syscall opennpm erro
2 min read
How to Fix npm ERR! code EINTEGRITY?
When working with Node.js and NPM we might see various errors that can be confusing and interrupt development workflow. One such error is npm ERR! code EINTEGRITY. This error typically arises due to the integrity checks failing during the installation of the NPM packages. The npm ERR! code EINTEGRITY error occurs when there is a mismatch between th
3 min read
How To Fix “npm err! missing script: start”?
While working on a Node.js project sometimes we encounter an error "npm ERR! missing script: start". This error message appears when we try to start your application but something is missing or misconfigured in our project. This is a common issue and can be fixed very easily with very few steps. In this article, we are going to learn why this error
3 min read
How to prevent the Common Vulnerabilities in JavaScript ?
In this article, we will see the Preventing Common Vulnerabilities in JavaScript. Before we proceed, we will first understand the list of most common Vulnerability attacks, & then will understand the various approaches to resolve those Vulnerability attacks. Finally, we will understand the concept with the help of basic illustrations. Table of
4 min read
How to Scan Your WordPress Website for Vulnerabilities?
Securing your WordPress website against potential vulnerabilities is crucial to maintaining its integrity and protecting sensitive data. Regular vulnerability scanning is an essential part of this process, as it allows you to identify and address potential security risks before they can be exploited by malicious actors. In this comprehensive guide,
3 min read
Steps to Create and Publish NPM packages
In this article, we will learn how to develop and publish your own npm package (also called an NPM module). There are many benefits of NPM packages, some of them are listed below: Reusable codeManaging code (using versioning)Sharing code The life-cycle of an npm package takes place like below: 1. Setup a Project: Setting up a project is required be
7 min read
How to use External Modules and NPM in a project ?
Need for External Modules: For a large JavaScript application, it becomes difficult and messy to write the whole code in just one JavaScript file. This is where CommonJS comes into the picture and this CommonJS format defines a module format that can be used up for breaking your JS application into multiple files. Node.js adopts this CommonJS forma
3 min read
ReactJS | Basics of ES, Babel and npm
What is ES? ES is an abbreviation used for ECMA Script. It is a standard for different scripting languages such as JS (JavaScript) made by ECMA. ECMA is an abbreviation used for European Computer Manufacturers Association. It is a standard organization based out of Switzerland which takes care of ES. ES11 (2020) is updated in June 2020 and its nome
2 min read
How to import SASS through npm ?
Introduction to SASS: SASS stands for 'Syntactically awesome style sheets'. It is an extension of CSS, that makes it easy to use variables of CSS, nested rules, inline import, and many other important features SASS has two syntax options: SCSS (Sassy CSS): It uses the .scss file extension and is fully compliant with CSS syntax. SASS: It uses .sass
3 min read
How to import LESS through npm ?
LESS stands for Leaner Style Sheets. It is a backward-compatible language extension for CSS. Web pages can be styled by writing appropriate code in a file with .less extension and then converting it in a CSS file. Steps to install LESS: Step 1: To install LESS, first make sure that node and npm are already installed in the system. If not, then inst
2 min read
Introduction to NPM scripts
NPM is a Node Package Manager. It is the world's largest Software Registry. This registry contains over 800,000 code packages. Many Open-source developers use npm to share software. Many organizations also use npm to manage private development. "npm scripts" are the entries in the scripts field of the package.json file. The scripts field holds an o
2 min read
What is the meaning of --save for NPM install ?
NPM (Node Package Manager) is the default package manager employed in JavaScript runtime environment in Node.js. It has a very frequently used command npm install [Package Name] --save. But the fact is there is no difference between npm install [Package Name] and npm install [Package Name] --save in the later version after npm 5.0.0 onwards. Before
3 min read
Node.js NPM arraybuffer-to-string Module
NPM(Node Package Manager) is a package manager of Node.js packages. There is an NPM package called arraybuffer-to-string used to decode array buffers in actual strings. The package not only converts the buffer to 'utf8' string but also it converts the buffer to many forms like base64 encoded string, a hex-encoded string that we use in many contexts
4 min read
Node.js NPM string-to-arraybuffer Module
NPM(Node Package Manager) is a package manager of Node.js packages. There is a NPM package called 'shortid' used to short non-sequential url-friendly unique ids. Command to install: npm install string-to-arraybuffer Syntax to import the package in local file const str2ab = require('string-to-arraybuffer') Syntax to convert string to an array buffer
5 min read
Node.js NPM shortid Module
NPM(Node Package Manager) is a package manager of Node.js packages. There is a NPM package called 'shortid' used to create short non-sequential url-friendly unique ids. By default, it uses 7-14 url-friendly characters: A-Z, a-z, 0-9, _-. It Supports cluster (automatically), custom seeds, custom alphabet. It Can generate any number of ids without du
6 min read
Node.js NPM uuid
NPM(Node Package Manager) is a package manager of Node.js packages. There is an NPM package called 'shortid' used to create short non-sequential url-friendly unique ids. Unique ids are created by Cryptographically-strong random values that's why it is very secure. It has support for cross-platform like Node, React Native, Chrome, Safari, Firefox, e
6 min read
How to install modules without npm in node.js ?
We can install modules required for a particular project in node.js without npm, the recommended node package manager using yarn. Yarn is a wonderful package manager. Like npm, if you have a project folder with package.json containing all the required dependencies mentioned for the project, you can use yarn to install all the dependencies. 1. How t
3 min read
How to list npm user-installed packages in Node.js?
What is Node.js? Node.js is an open source and cross-platform runtime environment for executing JavaScript code outside of a browser. Click here for more. What is npm? Here, "npm" stands for "Node Package Manager" which is the package manager for Node.js and serves as a command-line utility for interacting with the npm to install different online p
2 min read
How does NPM handle version conflicts ?
Consider a case where we have installed a module say A. Now we want to install another module called B and B depends on A but the problem is the version of A which is required by module B is different from the version of A installed at first. So how npm will handle this situation where our application depends on two different versions of module A.
3 min read
How to publish a ReactJS component to NPM ?
Follow these simple steps in order to publish your own ReactJS component to NPM. Step 1: Initial Setup In order to publish any ReactJS Component to npm (node package manager), first we have to create a React component in the React app. Following are the instructions for creating any react app. Create a React application using the following command:
3 min read
How to document NPM packages ?
In this article, we will see how to write the documentation of an NPM package. Documentation is an essential part of any NPM package because it gives an idea about the package method and how to use them. Good documentation makes your npm package popular npm packages. The Documentation of the npm package depends on many factors, see the step-by-step
2 min read
Describe the mechanism of NPM
NPM stands for Node Package Manager that is used to manage various dependencies of the node.js framework. It is a command-line tool that can be used to install, update and uninstall the node.js packages in the application. It acts as a repository for all the open-sources packages of the node.js framework. Anyone can contribute to this repository in
3 min read
Article Tags :
Trending in News
- OpenAI o1 AI Model Launched: Explore o1-Preview, o1-Mini, Pricing & Comparison
- How to Merge Cells in Google Sheets: Step by Step Guide
- How to Lock Cells in Google Sheets : Step by Step Guide
- PS5 Pro Launched: Controller, Price, Specs & Features, How to Pre-Order, and More
- #geekstreak2024 – 21 Days POTD Challenge Powered By Deutsche Bank
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
'); $('.spinner-loading-overlay').show(); jQuery.ajax({ url: writeApiUrl + 'create-improvement-post/?v=1', type: "POST", contentType: 'application/json; charset=utf-8', dataType: 'json', xhrFields: { withCredentials: true }, data: JSON.stringify({ gfg_id: post_id, check: true }), success:function(result) { jQuery.ajax({ url: writeApiUrl + 'suggestions/auth/' + `${post_id}/`, type: "GET", dataType: 'json', xhrFields: { withCredentials: true }, success: function (result) { $('.spinner-loading-overlay:eq(0)').remove(); var commentArray = result; if(commentArray === null || commentArray.length === 0) { // when no reason is availaible then user will redirected directly make the improvment. // call to api create-improvement-post $('body').append('
'); $('.spinner-loading-overlay').show(); jQuery.ajax({ url: writeApiUrl + 'create-improvement-post/?v=1', type: "POST", contentType: 'application/json; charset=utf-8', dataType: 'json', xhrFields: { withCredentials: true }, data: JSON.stringify({ gfg_id: post_id, }), success:function(result) { $('.spinner-loading-overlay:eq(0)').remove(); $('.improve-modal--overlay').hide(); $('.unlocked-status--improve-modal-content').css("display","none"); $('.create-improvement-redirection-to-write').attr('href',writeUrl + 'improve-post/' + `${result.id}` + '/', '_blank'); $('.create-improvement-redirection-to-write')[0].click(); }, error:function(e) { $('.spinner-loading-overlay:eq(0)').remove(); var result = e.responseJSON; if(result.detail.non_field_errors.length){ $('.improve-modal--improve-content .improve-modal--improve-content-modified').text(`${result.detail.non_field_errors}.`); jQuery('.improve-modal--overlay').show(); jQuery('.improve-modal--improvement').show(); $('.locked-status--impove-modal').css("display","block"); $('.unlocked-status--improve-modal-content').css("display","none"); $('.improve-modal--improvement').attr("status","locked"); $('.improvement-reason-modal').hide(); } }, }); return; } var improvement_reason_html = ""; for(var comment of commentArray) { // loop creating improvement reason list markup var comment_id = comment['id']; var comment_text = comment['suggestion']; improvement_reason_html += `
${comment_text}
`; } $('.improvement-reasons_wrapper').html(improvement_reason_html); $('.improvement-bottom-btn').html("Create Improvement"); $('.improve-modal--improvement').hide(); $('.improvement-reason-modal').show(); }, error: function(e){ $('.spinner-loading-overlay:eq(0)').remove(); // stop loader when ajax failed; }, }); }, error:function(e) { $('.spinner-loading-overlay:eq(0)').remove(); var result = e.responseJSON; if(result.detail.non_field_errors.length){ $('.improve-modal--improve-content .improve-modal--improve-content-modified').text(`${result.detail.non_field_errors}.`); jQuery('.improve-modal--overlay').show(); jQuery('.improve-modal--improvement').show(); $('.locked-status--impove-modal').css("display","block"); $('.unlocked-status--improve-modal-content').css("display","none"); $('.improve-modal--improvement').attr("status","locked"); $('.improvement-reason-modal').hide(); } }, }); } else { if(loginData && !loginData.isLoggedIn) { $('.improve-modal--overlay').hide(); if ($('.header-main__wrapper').find('.header-main__signup.login-modal-btn').length) { $('.header-main__wrapper').find('.header-main__signup.login-modal-btn').click(); } return; } } }); $('.left-arrow-icon_wrapper').on('click',function(){ if($('.improve-modal--suggestion').is(":visible")) $('.improve-modal--suggestion').hide(); else{ $('.improvement-reason-modal').hide(); } $('.improve-modal--improvement').show(); }); function loadScript(src, callback) { var script = document.createElement('script'); script.src = src; script.onload = callback; document.head.appendChild(script); } function suggestionCall() { var suggest_val = $.trim($("#suggestion-section-textarea").val()); var array_String= suggest_val.split(" ") var gCaptchaToken = $("#g-recaptcha-response-suggestion-form").val(); var error_msg = false; if(suggest_val != "" && array_String.length >=4){ if(suggest_val.length <= 2000){ var payload = { "gfg_post_id" : `${post_id}`, "suggestion" : `
${suggest_val}
`, } if(!loginData || !loginData.isLoggedIn) // User is not logged in payload["g-recaptcha-token"] = gCaptchaToken jQuery.ajax({ type:'post', url: "https://apiwrite.geeksforgeeks.org/suggestions/auth/create/", xhrFields: { withCredentials: true }, crossDomain: true, contentType:'application/json', data: JSON.stringify(payload), success:function(data) { jQuery('.spinner-loading-overlay:eq(0)').remove(); jQuery('#suggestion-section-textarea').val(""); jQuery('.suggest-bottom-btn').css("display","none"); // Update the modal content const modalSection = document.querySelector('.suggestion-modal-section'); modalSection.innerHTML = `
Thank You!
Your suggestions are valuable to us.
You can now also contribute to the GeeksforGeeks community by creating improvement and help your fellow geeks.
`; }, error:function(data) { jQuery('.spinner-loading-overlay:eq(0)').remove(); jQuery('#suggestion-modal-alert').html("Something went wrong."); jQuery('#suggestion-modal-alert').show(); error_msg = true; } }); } else{ jQuery('.spinner-loading-overlay:eq(0)').remove(); jQuery('#suggestion-modal-alert').html("Minimum 5 Words and Maximum Character limit is 2000."); jQuery('#suggestion-modal-alert').show(); jQuery('#suggestion-section-textarea').focus(); error_msg = true; } } else{ jQuery('.spinner-loading-overlay:eq(0)').remove(); jQuery('#suggestion-modal-alert').html("Enter atleast four words !"); jQuery('#suggestion-modal-alert').show(); jQuery('#suggestion-section-textarea').focus(); error_msg = true; } if(error_msg){ setTimeout(() => { jQuery('#suggestion-section-textarea').focus(); jQuery('#suggestion-modal-alert').hide(); }, 3000); } } document.querySelector('.suggest-bottom-btn').addEventListener('click', function(){ jQuery('body').append('
'); jQuery('.spinner-loading-overlay').show(); if(loginData && loginData.isLoggedIn) { suggestionCall(); return; } // load the captcha script and set the token loadScript('https://www.google.com/recaptcha/api.js?render=6LdMFNUZAAAAAIuRtzg0piOT-qXCbDF-iQiUi9KY',[], function() { setGoogleRecaptcha(); }); }); $('.improvement-bottom-btn.create-improvement-btn').click(function() { //create improvement button is clicked $('body').append('
'); $('.spinner-loading-overlay').show(); // send this option via create-improvement-post api jQuery.ajax({ url: writeApiUrl + 'create-improvement-post/?v=1', type: "POST", contentType: 'application/json; charset=utf-8', dataType: 'json', xhrFields: { withCredentials: true }, data: JSON.stringify({ gfg_id: post_id }), success:function(result) { $('.spinner-loading-overlay:eq(0)').remove(); $('.improve-modal--overlay').hide(); $('.improvement-reason-modal').hide(); $('.create-improvement-redirection-to-write').attr('href',writeUrl + 'improve-post/' + `${result.id}` + '/', '_blank'); $('.create-improvement-redirection-to-write')[0].click(); }, error:function(e) { $('.spinner-loading-overlay:eq(0)').remove(); var result = e.responseJSON; if(result.detail.non_field_errors.length){ $('.improve-modal--improve-content .improve-modal--improve-content-modified').text(`${result.detail.non_field_errors}.`); jQuery('.improve-modal--overlay').show(); jQuery('.improve-modal--improvement').show(); $('.locked-status--impove-modal').css("display","block"); $('.unlocked-status--improve-modal-content').css("display","none"); $('.improve-modal--improvement').attr("status","locked"); $('.improvement-reason-modal').hide(); } }, }); });