如何修复npm审核报告 [英] how to fix the npm audit report

问题描述

当我运行npm audit命令

=== npm审核安全报告===

=== npm audit security report ===

`Manual Review 

 Some vulnerabilities require your attention to resolve 

 Visit https://go.npm.me/audit-guide for additional guidance `



High          │ Arbitrary File Overwrite                                     

Package       │ tar                                                          
Patched in    │ >=4.4.2                                                       
Dependency of │ @angular-devkit/build-angular [dev]                           
Path          │ @angular-devkit/build-angular > node-sass > node-gyp >tar 
More info     │ https://nodesecurity.io/advisories/803

说found 1 high severity vulnerability in 42611 scanned packages 1 vulnerability requires manual review.由于它与@angular-devkit/build-angular有关，我担心它是否会在我的项目中造成任何其他问题.

its saying found 1 high severity vulnerability in 42611 scanned packages 1 vulnerability requires manual review. As its related to @angular-devkit/build-angular, I am afraid whether it will create any other issue in my project.

当我运行npm audit fix命令

    npm WARN optional SKIPPING OPTIONAL 
    DEPENDENCY:fsevents@1.2.9 (node_modules/fsevents):
    npm WARN notsup SKIPPING OPTIONAL 
    DEPENDENCY:Unsupported platform for 
    fsevents@1.2.9: wanted {"os":"darwin","arch":"any"} 
    (current: {"os":"linux","arch":"x64"})

因此，如何在具有Linux操作系统的任何系统中解决此问题.让我们考虑忽略上面的npm审核修复结果，因为它是一个警告.但是，npm审核的结果被认为是高度严重的漏洞.如何解决这个问题.

So how to fix this in any system having linux operating system. Lets consider ignoring the above npm audit fix result,because somehow its an warning. But the result of npm audit is considered as a high severity vulnerability. How to fix this.

Angular CLI版本

      Angular CLI: 7.3.8
      Node: 10.0.0
      OS: linux x64
      Angular: 7.2.14
      ... animations, common, compiler, compiler-cli, core, forms
      ... language-service, platform-browser, platform-browser-dynamic
      ... router

      Package                           Version
      -----------------------------------------------------------
      @angular-devkit/architect         0.13.8
      @angular-devkit/build-angular     0.13.8
      @angular-devkit/build-optimizer   0.13.8
      @angular-devkit/build-webpack     0.13.8
      @angular-devkit/core              7.3.8
      @angular-devkit/schematics        7.3.8
      @angular/cli                      7.3.8
      @ngtools/webpack                  7.3.8
      @schematics/angular               7.3.8
      @schematics/update                0.13.8
      rxjs                              6.3.3
      typescript                        3.2.4
      webpack                           4.29.0

帮助我解决此问题.谢谢

Help me in fixing this. thank you

推荐答案

此漏洞具有已修复.

删除node_modules和package-lock.json，然后运行命令:

Delete the node_modules andpackage-lock.json, then run the commands:

1. npm install
2. npm audit
3. npm audit fix
4. npm audit

1. npm install
2. npm audit
3. npm audit fix
4. npm audit

Found 0 vulnerabilities将会出现，问题已解决.

Found 0 vulnerabilities will appear, problem fixed.

这篇关于如何修复npm审核报告的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！