How to fix the npm audit report


Problem description

When I run the npm audit command:

    === npm audit security report ===

    Manual Review
    Some vulnerabilities require your attention to resolve
    Visit https://go.npm.me/audit-guide for additional guidance

    High          │ Arbitrary File Overwrite
    Package       │ tar
    Patched in    │ >=4.4.2
    Dependency of │ @angular-devkit/build-angular [dev]
    Path          │ @angular-devkit/build-angular > node-sass > node-gyp > tar
    More info     │ https://nodesecurity.io/advisories/803

It's saying: found 1 high severity vulnerability in 42611 scanned packages, 1 vulnerability requires manual review. As it's related to @angular-devkit/build-angular, I am worried about whether it will create any other issue in my project.

When I run the npm audit fix command:

    npm WARN optional SKIPPING OPTIONAL 
    DEPENDENCY:fsevents@1.2.9 (node_modules/fsevents):
    npm WARN notsup SKIPPING OPTIONAL 
    DEPENDENCY:Unsupported platform for 
    fsevents@1.2.9: wanted {"os":"darwin","arch":"any"} 
    (current: {"os":"linux","arch":"x64"})

So how do I fix this on any system running a Linux operating system? Let's consider ignoring the above npm audit fix result, because somehow it's a warning. But the result of npm audit is considered a high severity vulnerability. How do I fix this?

Angular CLI version

      Angular CLI: 7.3.8
      Node: 10.0.0
      OS: linux x64
      Angular: 7.2.14
      ... animations, common, compiler, compiler-cli, core, forms
      ... language-service, platform-browser, platform-browser-dynamic
      ... router

      Package                           Version
      -----------------------------------------------------------
      @angular-devkit/architect         0.13.8
      @angular-devkit/build-angular     0.13.8
      @angular-devkit/build-optimizer   0.13.8
      @angular-devkit/build-webpack     0.13.8
      @angular-devkit/core              7.3.8
      @angular-devkit/schematics        7.3.8
      @angular/cli                      7.3.8
      @ngtools/webpack                  7.3.8
      @schematics/angular               7.3.8
      @schematics/update                0.13.8
      rxjs                              6.3.3
      typescript                        3.2.4
      webpack                           4.29.0

Help me fix this. Thank you.

Recommended answer

This vulnerability has been fixed.

Delete node_modules and package-lock.json, then run the commands:

  1. npm install
  2. npm audit
  3. npm audit fix
  4. npm audit

"found 0 vulnerabilities" will appear, and the problem is fixed.
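An added example, not part of the original answer: `npm audit fix` only updates a package within the range its parent declares, so when a finding is left for manual review it helps to see which installed copy of `tar` is below the "Patched in" version and which package pins it. The lockfile below is constructed in npm 6 format (lockfileVersion 1) with illustrative versions; `inspect`, `cmp` and `other-tool` are hypothetical names.

```javascript
// Constructed sample lockfile; versions and ranges are illustrative,
// not read from the asker's project. `other-tool` is a hypothetical package.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'node-sass': { version: '4.11.0', dev: true, requires: { 'node-gyp': '^3.8.0' } },
    'node-gyp': {
      version: '3.8.0', dev: true, requires: { tar: '^2.0.0' },
      dependencies: { tar: { version: '2.2.1', dev: true } },
    },
    'other-tool': { version: '1.0.0', dev: true, requires: { tar: '^4.4.8' } },
    tar: { version: '4.4.8', dev: true },
  },
};

// Numeric x.y.z comparison; pre-release and build suffixes are ignored.
function cmp(a, b) {
  const n = v => v.split(/[-+]/)[0].split('.').map(Number);
  const [x, y] = [n(a), n(b)];
  for (let i = 0; i < 3; i++) {
    if ((x[i] || 0) !== (y[i] || 0)) return (x[i] || 0) < (y[i] || 0) ? -1 : 1;
  }
  return 0;
}

// Walk nested "dependencies"; record installed copies of `name` and who requires it.
function inspect(lock, name, patchedFrom) {
  const copies = [], requiredBy = [];
  (function walk(node, trail) {
    for (const [dep, info] of Object.entries(node.dependencies || {})) {
      const where = trail.concat(dep).join('/node_modules/');
      if (dep === name) {
        copies.push({ where, version: info.version, patched: cmp(info.version, patchedFrom) >= 0 });
      }
      if (info.requires && info.requires[name]) {
        requiredBy.push({ pkg: dep, range: info.requires[name] });
      }
      walk(info, trail.concat(dep));
    }
  })(lock, []);
  return { copies, requiredBy };
}

// Threshold taken from the "Patched in" row of the report above.
const report = inspect(sampleLock, 'tar', '4.4.2');
console.log(JSON.stringify(report, null, 2));
```

To run it on a real project, replace `sampleLock` with `JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8'))` and take the threshold from the advisory that `npm audit` currently reports.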
