我正在Vue 3而不是Vue 2中开发应用程序。拜托,我有非常简单package.json
的路由器和 cli 来构建、编译和运行应用程序。
这是完整的json
{
"name": "notebox",
"version": "0.1.0",
"private": true,
"scripts": {
"serve": "vue-cli-service serve",
"build": "vue-cli-service build",
"lint": "vue-cli-service lint"
},
"dependencies": {
"core-js": "^3.20.0",
"vue": "^3.2.26",
"vue-router": "^4.0.12"
},
"devDependencies": {
"@vue/cli": "^5.0.0-rc.1",
"@vue/cli-service": "^4.5.15",
"@vue/compiler-sfc": "^3.2.26"
}
}
但在npm install
收到许多关于漏洞的警告之后。拜托,你能推荐我怎样才能避免这种情况吗?或者它不重要,我可以保留它吗?事实上,我只是后端开发人员,还没有做前端。这是我参与前端的第一个应用程序。
rabbit@DESKTOP-E8LUKPL:~/projects/Notebox$ npm install
npm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/topo@3.1.6: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated apollo-tracing@0.15.0: The `apollo-tracing` package is no longer part of Apollo Server 3. See https://www.apollographql.com/docs/apollo-server/migration/#tracing for details
npm WARN deprecated graphql-extensions@0.15.0: The `graphql-extensions` API has been removed from Apollo Server 3. Use the plugin API instead: https://www.apollographql.com/docs/apollo-server/integrations/plugins/
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated html-webpack-plugin@3.2.0: 3.x is no longer supported
npm WARN deprecated @hapi/address@2.1.4: Moved to 'npm install @sideway/address'
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated apollo-cache-control@0.14.0: The functionality provided by the `apollo-cache-control` package is built in to `apollo-server-core` starting with Apollo Server 3. See https://www.apollographql.com/docs/apollo-server/migration/#cachecontrol for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated @hapi/hoek@8.5.1: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/joi@15.1.1: Switch to 'npm install joi'
npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
npm WARN deprecated graphql-tools@4.0.8: This package has been deprecated and now it only exports makeExecutableSchema.\nAnd it will no longer receive updates.\nWe recommend you to migrate to scoped packages such as @graphql-tools/schema, @graphql-tools/utils and etc.\nCheck out https://www.graphql-tools.com to learn what package you should use instead
added 1708 packages, and audited 1709 packages in 2m
113 packages are looking for funding
run `npm fund` for details
26 vulnerabilities (16 moderate, 10 high)
我试过npm update -g
了,但没有帮助。我尝试ncu -u
使用 package.json 中的最新版本,但也无济于事。使用全新安装删除package-lock.json
和目录后,我仍然有所有漏洞。node_modules
我也尝试过添加"svgo": "^2.8.0"
,因为它是安装期间警告中已弃用的包,但它也无济于事。
我尝试了这个网站的提示和技巧。依然没有。
你能给我一些建议,我怎样才能在没有漏洞的情况下进行全新安装?我知道,很多包有很多依赖项,我仍然会有一些问题。但我想至少避免高漏洞。这是可能的?我怎么能踩?
非常感谢您的任何建议