vue.js - npm install 和包的漏洞

Question

我正在Vue 3而不是Vue 2中开发应用程序。拜托，我有非常简单package.json的路由器和 cli 来构建、编译和运行应用程序。

这是完整的json

{
  "name": "notebox",
  "version": "0.1.0",
  "private": true,
  "scripts": {
    "serve": "vue-cli-service serve",
    "build": "vue-cli-service build",
    "lint": "vue-cli-service lint"
  },
  "dependencies": {
    "core-js": "^3.20.0",
    "vue": "^3.2.26",
    "vue-router": "^4.0.12"
  },
  "devDependencies": {
    "@vue/cli": "^5.0.0-rc.1",
    "@vue/cli-service": "^4.5.15",
    "@vue/compiler-sfc": "^3.2.26"
  }
}

但在npm install收到许多关于漏洞的警告之后。拜托，你能推荐我怎样才能避免这种情况吗？或者它不重要，我可以保留它吗？事实上，我只是后端开发人员，还没有做前端。这是我参与前端的第一个应用程序。

rabbit@DESKTOP-E8LUKPL:~/projects/Notebox$ npm install
npm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/topo@3.1.6: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated apollo-tracing@0.15.0: The `apollo-tracing` package is no longer part of Apollo Server 3. See https://www.apollographql.com/docs/apollo-server/migration/#tracing for details
npm WARN deprecated graphql-extensions@0.15.0: The `graphql-extensions` API has been removed from Apollo Server 3. Use the plugin API instead: https://www.apollographql.com/docs/apollo-server/integrations/plugins/
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated html-webpack-plugin@3.2.0: 3.x is no longer supported
npm WARN deprecated @hapi/address@2.1.4: Moved to 'npm install @sideway/address'
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated apollo-cache-control@0.14.0: The functionality provided by the `apollo-cache-control` package is built in to `apollo-server-core` starting with Apollo Server 3. See https://www.apollographql.com/docs/apollo-server/migration/#cachecontrol for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated @hapi/hoek@8.5.1: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/joi@15.1.1: Switch to 'npm install joi'
npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
npm WARN deprecated graphql-tools@4.0.8: This package has been deprecated and now it only exports makeExecutableSchema.\nAnd it will no longer receive updates.\nWe recommend you to migrate to scoped packages such as @graphql-tools/schema, @graphql-tools/utils and etc.\nCheck out https://www.graphql-tools.com to learn what package you should use instead

added 1708 packages, and audited 1709 packages in 2m

113 packages are looking for funding
  run `npm fund` for details

26 vulnerabilities (16 moderate, 10 high)

我试过npm update -g了，但没有帮助。我尝试ncu -u使用 package.json 中的最新版本，但也无济于事。使用全新安装删除package-lock.json和目录后，我仍然有所有漏洞。node_modules我也尝试过添加"svgo": "^2.8.0"，因为它是安装期间警告中已弃用的包，但它也无济于事。

我尝试了这个网站的提示和技巧。依然没有。

你能给我一些建议，我怎样才能在没有漏洞的情况下进行全新安装？我知道，很多包有很多依赖项，我仍然会有一些问题。但我想至少避免高漏洞。这是可能的？我怎么能踩？

非常感谢您的任何建议