
npm audit report

glob-parent  <5.1.2
严重性: 中等
正则表达式拒绝服务 - https://npmjs.com/advisories/1751
没有可用的修复
node_modules/webpack-dev-server/node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  取决于 glob-parent 的易受攻击版本
  node_modules/webpack-dev-server/node_modules/chokidar
    webpack-dev-server  2.0.0-beta - 3.11.2
    取决于 chokidar 的易受攻击版本
    node_modules/webpack-dev-server
      @angular-devkit/build-angular  <=13.0.0-next.2
      取决于 @angular-devkit/build-webpack 的易受攻击版本
      取决于 webpack-dev-server 的易受攻击版本
      node_modules/@angular-devkit/build-angular
      @angular-devkit/build-webpack  <=0.1300.0-next.2
      取决于 webpack-dev-server 的易受攻击版本
      node_modules/@angular-devkit/build-webpack

5 个中等严重性漏洞

有些问题需要审查,并且可能需要选择不同的依赖项。


1 Answer


These are vulnerabilities discovered and reported for dependencies your application is using. Generally, you will want to fix these by updating packages to the latest versions containing fixes for the vulnerabilities.

There is a command, npm audit fix, which can update the affected dependencies for you in most cases (it took me personally from 10.000+ to roughly 10 reports). This, however, will by default only apply non-breaking version jumps (so, by semantic versioning, it will not jump a major version, for example).

You can use npm audit fix --force to fix the remaining vulnerabilities (including semver-incompatible ones) if package updates exist; however, you will then need to look for breaking changes in the updated packages that may conflict with your program logic.

I highly recommend you look at the NPM Docs article below, it explains the whole process very well.

Also see:

answered 2021-09-02T20:47:58.533
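The answer above distinguishes three outcomes of an audit finding: resolved by npm audit fix, resolved only by npm audit fix --force because the fix is a semver-major jump, or not resolvable at all ("No fix available", as for glob-parent in the question). The following is an added example, not code from the question, the answer or npm itself. It reads the JSON form of the same report (npm audit --json, auditReportVersion 2 as emitted by npm 7 and later) and sorts findings into those three buckets using the fixAvailable field, which npm sets to true, false, or an object { name, version, isSemVerMajor } naming the top-level package that must be bumped. It also walks the effects links to show which direct dependency pulls a transitive finding in, which is the chain the text report prints as nested indentation. The five glob-parent entries mirror the question's report; the two entries named example-* are constructed here to exercise the other buckets and are not on the page.

```javascript
// Added example: triage `npm audit --json` output (auditReportVersion 2).
// Not part of the original question or answer.

// Sample report. The glob-parent chain reproduces the question's report
// (names, ranges, paths, no fix available). The two example-* entries are
// constructed for this example to cover the other two cases.
const SAMPLE_AUDIT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'glob-parent': {
      name: 'glob-parent', severity: 'moderate', isDirect: false,
      via: [{ title: 'Regular expression denial of service',
              url: 'https://npmjs.com/advisories/1751', severity: 'moderate' }],
      effects: ['chokidar'], range: '<5.1.2',
      nodes: ['node_modules/webpack-dev-server/node_modules/glob-parent'],
      fixAvailable: false,
    },
    chokidar: {
      name: 'chokidar', severity: 'moderate', isDirect: false, via: ['glob-parent'],
      effects: ['webpack-dev-server'], range: '1.0.0-rc1 - 2.1.8',
      nodes: ['node_modules/webpack-dev-server/node_modules/chokidar'], fixAvailable: false,
    },
    'webpack-dev-server': {
      name: 'webpack-dev-server', severity: 'moderate', isDirect: false, via: ['chokidar'],
      effects: ['@angular-devkit/build-angular', '@angular-devkit/build-webpack'],
      range: '2.0.0-beta - 3.11.2', nodes: ['node_modules/webpack-dev-server'],
      fixAvailable: false,
    },
    '@angular-devkit/build-webpack': {
      name: '@angular-devkit/build-webpack', severity: 'moderate', isDirect: false,
      via: ['webpack-dev-server'], effects: ['@angular-devkit/build-angular'],
      range: '<=0.1300.0-next.2', nodes: ['node_modules/@angular-devkit/build-webpack'],
      fixAvailable: false,
    },
    '@angular-devkit/build-angular': {
      name: '@angular-devkit/build-angular', severity: 'moderate', isDirect: true,
      via: ['@angular-devkit/build-webpack', 'webpack-dev-server'], effects: [],
      range: '<=13.0.0-next.2', nodes: ['node_modules/@angular-devkit/build-angular'],
      fixAvailable: false,
    },
    // Constructed: a compatible release fixes it, so plain `npm audit fix` applies.
    'example-patchable': {
      name: 'example-patchable', severity: 'high', isDirect: true,
      via: [{ title: 'constructed advisory', url: 'https://example.invalid/advisory-1' }],
      effects: [], range: '<1.2.3', nodes: ['node_modules/example-patchable'],
      fixAvailable: true,
    },
    // Constructed: only a semver-major release fixes it, so `--force` is required.
    'example-major-bump': {
      name: 'example-major-bump', severity: 'low', isDirect: true,
      via: [{ title: 'constructed advisory', url: 'https://example.invalid/advisory-2' }],
      effects: [], range: '<2.0.0', nodes: ['node_modules/example-major-bump'],
      fixAvailable: { name: 'example-major-bump', version: '2.0.0', isSemVerMajor: true },
    },
  },
};

// Map one finding to the command that resolves it: 'audit-fix', 'audit-fix-force'
// or 'no-fix'. An object fixAvailable with isSemVerMajor false is still handled by
// plain `npm audit fix`, since the bump stays within the declared semver range.
function classifyFix(entry) {
  const fix = entry.fixAvailable;
  if (fix === false) return 'no-fix';
  if (fix === true) return 'audit-fix';
  if (fix && typeof fix === 'object') return fix.isSemVerMajor ? 'audit-fix-force' : 'audit-fix';
  throw new TypeError(`unexpected fixAvailable for ${entry.name}: ${JSON.stringify(fix)}`);
}

// Group every finding in the report by how it can be resolved (names sorted).
function triageAudit(report) {
  if (report.auditReportVersion !== 2) {
    throw new Error('expected auditReportVersion 2 (npm 7+ `npm audit --json`)');
  }
  const buckets = { 'audit-fix': [], 'audit-fix-force': [], 'no-fix': [] };
  for (const entry of Object.values(report.vulnerabilities)) {
    buckets[classifyFix(entry)].push(entry.name);
  }
  for (const names of Object.values(buckets)) names.sort();
  return buckets;
}

// Follow `effects` from a vulnerable package up to the direct dependencies that
// (transitively) depend on it; these are the packages a developer can actually
// change in package.json when no fix exists for the root package itself.
function directDependentsOf(report, pkg) {
  const seen = new Set();
  const direct = new Set();
  const stack = [pkg];
  while (stack.length) {
    const name = stack.pop();
    if (seen.has(name)) continue;
    seen.add(name);
    const entry = report.vulnerabilities[name];
    if (!entry) continue;
    if (entry.isDirect) direct.add(name);
    stack.push(...(entry.effects || []));
  }
  return [...direct].sort();
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(triageAudit(SAMPLE_AUDIT));
  console.log('glob-parent is pulled in by:', directDependentsOf(SAMPLE_AUDIT, 'glob-parent'));
}
```

On the question's report every entry lands in the no-fix bucket and all of them trace back to the single direct dependency @angular-devkit/build-angular, which is why the report ends with "may require choosing a different dependency": no npm audit fix invocation, forced or not, can help, and the options are to wait for that direct dependency to release a fixed version or to swap it out.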