
I want to get rid of the vulnerabilities reported by npm audit:

https://snyk.io/test/npm/babel-cli/6.23.0

How do I update the chokidar module?

How do I update a dependency module without updating its parent module?

    Manual Review
    Some vulnerabilities require your attention to resolve
    Visit https://go.npm.me/audit-guide for additional guidance

    Low             Regular Expression Denial of Service
    Package         braces
    Patched in      >=2.3.1
    Dependency of   babel-cli [dev]
    Path            babel-cli > chokidar > anymatch > micromatch > braces
    More info       https://npmjs.com/advisories/786

2 Answers


Install '@babel/cli' instead of 'babel-cli'.

The npm modules needed are '@babel/core, @babel/node, @babel/cli, @babel/preset-flow, @babel/register'.

Update the .babelrc file with the following:

{
  "presets": ["@babel/preset-flow"]
}

Update the package.json scripts:

{
  "scripts": {
    "babel-node": "babel-node --presets=@babel/preset-flow",
    "serve": "nodemon --exec npm run babel-node -- ./app/app.js",
    "start": "node ./build/app.js",
    "local": "node ./app/app.js",
    "build": "./node_modules/.bin/babel ./app/ -d ./build/ --copy-files",
    "mocha": "mocha --require @babel/register",
    "test": "mocha --require @babel/register --recursive ./test/",
    "test:e2e": "mocha --timeout 20000 --require @babel/register --recursive ./e2e/ --exit",
    "test:coverage": "nyc --reporter=html --reporter=text mocha --require @babel/register --recursive ./test/",
    "test:coverage-report": "nyc report --reporter=text-lcov | coveralls ",
    "lint": "eslint ./app --ext .js",
    "prepush": "npm run test && npm run lint",
    "flow": "flow",
    "flow:init": "flow init",
    "flow:status": "flow status"
  }
}
Answered 2019-08-29T05:14:20.680

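You can take a look at resolutions. Basically, it forces installation of the version of the package you specify in the resolutions object, even if that package is a sub-dependency.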

{
  "name": "project",
  "version": "1.0.0",
  "dependencies": {
    "left-pad": "1.0.0",
    "c": "file:../c-1",
    "d2": "file:../d2-1"
  },
  "resolutions": {
    "d2/left-pad": "1.1.1",
    "c/**/left-pad": "1.1.2"
  }
}
Answered 2019-08-27T05:38:43.727