如何修复这些漏洞?(npm 审计修复无法修复这些漏洞) [英] How to fix these vulnerabilities? (npm audit fix fails to fix these vulnerabilities)
问题描述
我的项目有 6 个高危漏洞,我不知道如何修复它们.npm 审计修复失败.请帮我解决这个问题.
My project has 6 high severity vulnerabilities and I have no idea how to fix them. npm audit fix fails. Please help me to fix this.
我正在安装 https://www.npmjs.com/package/toastr我的项目并在安装后显示了漏洞.不知道有没有关系.=== npm 审计安全报告 ===
I was installing https://www.npmjs.com/package/toastr to my project and after it has installed the vulnerabilities were shown. I don't know is there any connection. === npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of @angular/cli [dev]
Path @angular/cli > @schematics/update > pacote >
make-fetch-happen > https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of @angular/cli [dev]
Path @angular/cli > pacote > make-fetch-happen >
https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of @angular/cli [dev]
Path @angular/cli > @schematics/update > pacote >
npm-registry-fetch > make-fetch-happen > https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of @angular/cli [dev]
Path @angular/cli > pacote > npm-registry-fetch >
make-fetch-happen > https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of protractor [dev]
Path protractor > browserstack > https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of protractor [dev]
Path protractor > saucelabs > https-proxy-agent
More info https://npmjs.com/advisories/1184
推荐答案
1) npm i --save-dev npm-force-resolutions
1) npm i --save-dev npm-force-resolutions
2) 将此添加到您的 package.json
2) Add this to your package.json
决议":{"https-proxy-agent": "^3.0.0"}
"resolutions": { "https-proxy-agent": "^3.0.0" }
3) 让 npm-force-resolutions 来做它的事情
3) Let npm-force-resolutions do it's thing
rm -r node_modules
npx npm-force-resolutions
npm install
4) 重新运行您的审计 npm 审计.
4) re-run your audit npm audit.
字体:https://github.com/TooTallNate/node-https-proxy-agent/issues/84#issuecomment-543884972
这篇关于如何修复这些漏洞?(npm 审计修复无法修复这些漏洞)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!