How do I resolve the npm audit fix issue?

Isa*_*aac 15 npm lodash reactjs react-native

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-native-cached-image                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ react-native-cached-image > lodash                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/577                             │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 11 vulnerabilities (2 low, 8 moderate, 1 high) in 26316 scanned packages
  11 vulnerabilities require manual review. See the full report for details.

When I run npm install, this is what is shown, and all of them require manual review. I tried visiting the linked site for more information, and apparently it is because my lodash version is 4.17.4. So I then ran npm install --save lodash@4.17.5 and checked my package.json to make sure it reflects that correctly.

However, the vulnerability still seems to be there. Am I fixing it the wrong way?

As requested, the body of package.json:

"dependencies": {
   "lodash": "^4.17.5",
}

Vas*_*huk 16

You can solve it with https://github.com/rogeriochaves/npm-force-resolutions

1) Add a resolutions section

"resolutions": {
  "lodash": "^4.17.5"
}

2) Run

rm -r node_modules
npx npm-force-resolutions
npm install


Akr*_*ion 5

The problem is related to the react-native-cached-image package's dependency on lodash 4.17.4, as you can see here: https://github.com/kfiroo/react-native-cached-image/blob/master/package.json#L51

  • In that case, can I only wait until the package owner updates the dependency themselves? Or is there something I can do for a local version? (2 upvotes)
  • Could I navigate into node_modules and run npm update on this package? (2 upvotes)