javascript - npm audit 返回奇怪的依赖项

Question

Npm audit 返回带有一些有效警告的输出，但也带有奇怪的依赖项，看起来像随机的十六进制字符串。每次运行时该字符串都会更改，npm audit并且对于所有包都是相同的，在审计中引用。

我怎样才能摆脱它？Npm 版本是 6.8.0

High            Cross-Site Scripting (XSS)
Package         jquery
Patched in      >=3.0.0
Dependency of   28941ae593a0bfccfbff69e6c9be45d3edb864692c815174fff557331de…
Path            28941ae593a0bfccfbff69e6c9be45d3edb864692c815174fff557331de…
                >
                39e4d897653a99aeb635bac80469694d1066d648e1fc9d3ac63ded7789c…
                > jquery

More info       https://npmjs.com/advisories/328


Moderate        Prototype Pollution
Package         lodash
Patched in      >=4.17.11
Dependency of   browserify-resolutions [dev]
Path            browserify-resolutions > lodash

More info       https://npmjs.com/advisories/782

Moderate        Prototype Pollution
Package         lodash
Patched in      >=4.17.11
Dependency of   28941ae593a0bfccfbff69e6c9be45d3edb864692c815174fff557331de…
Path            28941ae593a0bfccfbff69e6c9be45d3edb864692c815174fff557331de…
                > lodash

More info       https://npmjs.com/advisories/782

score 2 · Accepted Answer

我刚刚遇到了同样的问题。在查看npm 文档后，这已在版本 7 中得到解决。我刚刚使用 npm 7+ 运行了 npm audit，它指出了没有哈希的罪魁祸首的确切包。

javascript - npm audit 返回奇怪的依赖项

1 回答 1

Related

Reference