在运行 npx create-react-app my-app 时,我遇到了 10 个中等严重程度的漏洞。即使运行 npmauditfix 或 npmauditfix--force 后也无法修复。当我运行 npmauditfix --force 时,我得到了 44 个漏洞(25 个低漏洞、5 个中漏洞、14 个高漏洞),然后,如果我运行相同的命令来修复,我会得到 10 个中等严重漏洞。每次我运行命令时,这种情况都会持续循环。
$ npm audit
# npm audit report
browserslist 4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service - https://npmjs.com/advisories/1747
fix available via `npm audit fix --force`
Will install react-scripts@1.1.5, which is a breaking change
node_modules/react-dev-utils/node_modules/browserslist
react-dev-utils >=6.0.0-next.03604a46
Depends on vulnerable versions of browserslist
node_modules/react-dev-utils
react-scripts >=0.10.0-alpha.328cb32e
Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
Depends on vulnerable versions of react-dev-utils …