如何修复 npm 审计报告 [英] how to fix the npm audit report
问题描述
当我运行 npm audit 命令时
=== npm 审计安全报告 ===
=== npm audit security report ===
`Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance `
High │ Arbitrary File Overwrite
Package │ tar
Patched in │ >=4.4.2
Dependency of │ @angular-devkit/build-angular [dev]
Path │ @angular-devkit/build-angular > node-sass > node-gyp >tar
More info │ https://nodesecurity.io/advisories/803
它说在42611个扫描包中发现了1个高危漏洞1 个漏洞需要人工审核
.由于它与 @angular-devkit/build-angular
相关,我担心它是否会在我的项目中产生任何其他问题.
its saying found 1 high severity vulnerability in 42611 scanned packages
1 vulnerability requires manual review
. As its related to @angular-devkit/build-angular
, I am afraid whether it will create any other issue in my project.
当我运行 npm audit fix 命令时
npm WARN optional SKIPPING OPTIONAL
DEPENDENCY:fsevents@1.2.9 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL
DEPENDENCY:Unsupported platform for
fsevents@1.2.9: wanted {"os":"darwin","arch":"any"}
(current: {"os":"linux","arch":"x64"})
那么如何在任何具有 linux 操作系统的系统中解决这个问题.让我们考虑忽略上面的 npm 审计修复结果,因为不知何故它是一个警告.但是 npm 审计的结果被认为是高危漏洞.如何解决这个问题.
So how to fix this in any system having linux operating system. Lets consider ignoring the above npm audit fix result,because somehow its an warning. But the result of npm audit is considered as a high severity vulnerability. How to fix this.
Angular CLI 版本
Angular CLI: 7.3.8
Node: 10.0.0
OS: linux x64
Angular: 7.2.14
... animations, common, compiler, compiler-cli, core, forms
... language-service, platform-browser, platform-browser-dynamic
... router
Package Version
-----------------------------------------------------------
@angular-devkit/architect 0.13.8
@angular-devkit/build-angular 0.13.8
@angular-devkit/build-optimizer 0.13.8
@angular-devkit/build-webpack 0.13.8
@angular-devkit/core 7.3.8
@angular-devkit/schematics 7.3.8
@angular/cli 7.3.8
@ngtools/webpack 7.3.8
@schematics/angular 7.3.8
@schematics/update 0.13.8
rxjs 6.3.3
typescript 3.2.4
webpack 4.29.0
帮我解决这个问题.谢谢
Help me in fixing this. thank you
推荐答案
删除node_modules
和package-lock.json
,然后运行命令:
Delete the node_modules
andpackage-lock.json
, then run the commands:
npm install
npm 审计
npm 审计修复
npm 审计
Found 0漏洞
会出现,问题已修复.
这篇关于如何修复 npm 审计报告的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!