webpack-dev-server@3.1.14在使用npm审计时获得缺少原始验证

Question

我已将更新更新webpack-dev-server到最新3.1.14但我在使用时仍然遇到漏洞问题npm audit --fix.我尝试过每一件事.清理缓存.清除所有模块并重新安装但所有模块都相同.

以下是我跑步时的错误 npm audit

$ npm audit

                   === npm audit security report ===                        


                             Manual Review                                  
         Some vulnerabilities require your attention to resolve             

      Visit https://go.npm.me/audit-guide for additional guidance           




  High            Missing Origin Validation                                     

  Package         webpack-dev-server                                            

  Patched in      >=3.1.11                                                      

  Dependency of   webpack-dev-server [dev]                                      

  Path            webpack-dev-server                                            

  More info       https://nodesecurity.io/advisories/725                        

found 1 high severity vulnerability in 60688 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Answer 1

似乎是由于 npm 漏洞数据库中的拼写错误造成的。希望尽快修复： https://npm.community/t/npm-audit-sweems-to-get-semver-wrong/4352