Related troubleshooting solutions (0)

How do I manually fix npm vulnerabilities?

When I run npm install, it says found 33 vulnerabilities (2 low, 31 moderate) run `npm audit fix` to fix them, or `npm audit` for details.

However, npm audit fix outputs up to date in 11s fixed 0 of 33 vulnerabilities in 24653 scanned packages 33 vulnerabilities required manual review and could not be updated

Does this review mean it is not supposed to be fixed by the user?

When I run npm audit, it gives me a list of tables, similar to Update to version 4.17.5 or later.

In this example, the remediation section of the linked page says /node_modules/browser-sync/package.json. However, /node_modules/lodash/lodash.json has the following lines:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ …

node.js npm npm-audit

43
votes
4
answers
40k
views

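Running the suggested commands does not fix NPM vulnerabilities

After every installation of a new NPM module in my project, I get the following error: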

[!] 40 vulnerabilities found - Packages audited: 5840 (0 dev, 299 optional)
    Severity: 8 Low | 24 Moderate | 8 High

Then I run npm audit and get the details of each of the 40 vulnerabilities, for example:

# Run  npm install npm@6.0.1  to resolve 22 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ hoek                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm > libcipm > npm-lifecycle > node-gyp > request > hawk > …

fsevents node.js npm npm-audit

18
votes
1
answer
5767
views

Tag statistics

node.js ×2

npm ×2

npm-audit ×2

fsevents ×1