如何处理来自 npm 的弃用警告 [英] How to deal with deprecation warnings from npm

问题描述

几乎每次我使用 npm 安装软件包时，都会收到如下警告:

Nearly all the time I use npm to install a package, I get a warning like:

npm WARN deprecated minimatch@1.0.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

然后我使用建议的版本号安装可疑软件包.

Then I install the dubious packages with the advised version number.

有什么方法可以让 npm 自动执行此操作?当然风险自负.

Is there any way to make npm do this automatically? At own risk of course.

推荐答案

如果您不直接依赖已弃用的软件包，则直接安装它们可能不会完成任何事情.依赖于它的包是需要更新其依赖项的包，依此类推，直到到达您正在开发的包.本质上:如果它很重要(例如安全问题)，通知包维护者；如果没有，请忽略弃用警告.

If you're not depending directly on the deprecated packages, you're probably not accomplishing anything by installing them directly. Whichever package depends on it is the one that needs to update its dependencies, and so on until you reach the package you're developing. Essentially: if it's important (e.g. a security problem), notify the package maintainers; if not, ignore the deprecation warning.

这篇关于如何处理来自 npm 的弃用警告的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！