
I am following a tutorial on YouTube and forked the repo. After running npm install I get the following:

    found 45634 vulnerabilities (42263 low, 21 moderate, 3349 high, 1 critical) in 1547 scanned packages
      run `npm audit fix` to fix 45333 of them.
      301 vulnerabilities require manual review. See the full report for details.

As I'm not really sure what npm audit fix does, I am hesitant to execute the command.

I did run npm audit, which gave me a list. Here is a snippet:

    Moderate        Regular Expression Denial of Service
      Package         acorn
      Patched in      >=5.7.4 <6.0.0 || >=6.4.1 <7.0.0 || >=7.1.1
      Dependency of   react-scripts
      Path            react-scripts > jest > jest-cli > jest-config >
                      jest-environment-jsdom > jsdom > acorn
      More info       https://npmjs.com/advisories/1488

After reading through some forums, people suggest ignoring the alert or deleting package-lock.json and running npm install again. I haven't tried either of those solutions. I was going to ask here first before blindly following advice I read in some forum.

Thanks for any help.

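To decide whether the copy of acorn that the lockfile actually resolves is inside the advisory's "Patched in" range before running npm audit fix, here is an added Node.js example; it is not code from the question, the answer, or npm itself. It assumes a lockfileVersion 1 package-lock.json (the nested "dependencies" objects npm 6 wrote in 2020), ignores pre-release tags, and runs against a constructed sample lockfile whose nested path mirrors the one in the audit snippet; SAMPLE_LOCK, auditPackage and the helper names are my own, and the sample version numbers are made up.

```javascript
// Added example: check resolved package versions against an advisory's
// "Patched in" range. Node built-ins only; nothing here touches the network.

// "MAJOR.MINOR.PATCH" -> [major, minor, patch]. Assumption: plain releases,
// so any pre-release suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// One comparator such as ">=5.7.4" or "<6.0.0" (bare "1.2.3" means equality).
function matchesComparator(version, comparator) {
  const m = /^(>=|<=|>|<|=)?(\d+\.\d+\.\d+)$/.exec(comparator.trim());
  if (!m) throw new Error(`unparseable comparator: ${comparator}`);
  const c = compareVersions(version, m[2]);
  switch (m[1] || '=') {
    case '>=': return c >= 0;
    case '<=': return c <= 0;
    case '>':  return c > 0;
    case '<':  return c < 0;
    default:   return c === 0;
  }
}

// A "Patched in" expression: "||"-separated alternatives, each a list of
// comparators that must all hold (e.g. ">=5.7.4 <6.0.0 || >=6.4.1 <7.0.0").
function satisfies(version, rangeExpr) {
  return rangeExpr.split('||').some(alt => {
    const comparators = alt.match(/(?:>=|<=|>|<|=)?\d+\.\d+\.\d+/g) || [];
    return comparators.length > 0 &&
      comparators.every(cmp => matchesComparator(version, cmp));
  });
}

// Walk a lockfileVersion 1 package-lock.json (nested "dependencies" objects)
// and collect every resolved copy of `name` with the path that pulls it in.
function findInstalled(lock, name) {
  const hits = [];
  const walk = (deps, path) => {
    for (const [dep, info] of Object.entries(deps || {})) {
      const here = path.concat(dep);
      if (dep === name) hits.push({ path: here.join(' > '), version: info.version });
      walk(info.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Which resolved copies of `name` are still outside the patched range?
function auditPackage(lock, name, patchedIn) {
  return findInstalled(lock, name)
    .map(h => ({ ...h, patched: satisfies(h.version, patchedIn) }));
}

// Range copied from the advisory in the question.
const ACORN_PATCHED_IN = '>=5.7.4 <6.0.0 || >=6.4.1 <7.0.0 || >=7.1.1';

// Constructed sample lockfile (not a real project's lock). The nested path
// mirrors the audit snippet; the hoisted top-level acorn is a second copy.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    acorn: { version: '7.1.1' },                       // already on a patched line
    'react-scripts': { version: '3.4.0', dependencies: {
      jest: { version: '24.9.0', dependencies: {
        'jest-cli': { version: '24.9.0', dependencies: {
          'jest-config': { version: '24.9.0', dependencies: {
            'jest-environment-jsdom': { version: '24.9.0', dependencies: {
              jsdom: { version: '11.12.0', dependencies: {
                acorn: { version: '5.5.3' },           // below 5.7.4: unpatched
              } },
            } },
          } },
        } },
      } },
    } },
  },
};

if (typeof require !== 'undefined' && require.main === module) {
  // Replace SAMPLE_LOCK with JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8'))
  // to run this against your own fork.
  console.table(auditPackage(SAMPLE_LOCK, 'acorn', ACORN_PATCHED_IN));
}
```

The useful part of the output is the path column: a copy that is unpatched deep under react-scripts can only move when react-scripts itself allows a newer range, which is what the "require manual review" lines in the summary refer to, whereas a hoisted copy already in range is no finding at all. npm audit fix only upgrades within the ranges your dependency tree already permits, so checking the resolved versions first tells you what the command can and cannot change.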

1 Answer


Since you are just following a tutorial, I would ignore these vulnerabilities; most of the time it is just deprecated packages that have not yet been updated to fix them.

answered 2020-09-01T11:16:14.650