[英]Make `npm ls somepackage` command respect version range
I'm trying to use npm ls
to find the source of security warnings.我正在尝试使用npm ls
来查找安全警告的来源。 The docs mention that:文档提到:
Positional arguments are name@version-range identifiers, which will limit the results to only the paths to the packages named.位置 arguments 是 name@version-range 标识符,这会将结果限制为仅指定包的路径。
I'm fixing CVE-2020-7598 for package minimist
which says:我正在为 package minimist
修复 CVE-2020-7598,它说:
CVE-2020-7598 Vulnerable versions: < 0.2.1 Patched version: 0.2.1 CVE-2020-7598 漏洞版本:< 0.2.1 修补版本:0.2.1
Now npm ls minimist
gives all dependencies tracked, but I want to do it for the specific range.现在npm ls minimist
跟踪所有依赖项,但我想针对特定范围执行此操作。 So I've tried:所以我试过:
npm ls "minimist<0.2.1"
gives The system cannot find the file specified.
npm ls "minimist<0.2.1"
给出The system cannot find the file specified.
npm ls "minimist@<0.2.1"
gives The system cannot find the file specified.
npm ls "minimist@<0.2.1"
给出The system cannot find the file specified.
npm ls "minimist@<=0.2.0"
gives The system cannot find the file specified.
npm ls "minimist@<=0.2.0"
给出The system cannot find the file specified.
npm ls "minimist@0.2.0"
gives -- (empty)
(which makes sense because eg 0.0.8 is in my tree) npm ls "minimist@0.2.0"
给出-- (empty)
(这是有道理的,因为例如 0.0.8 在我的树中) So, how can I make npm ls
return packages below a certain version in my dependency tree?那么,我怎样才能让npm ls
返回我的依赖树中某个版本以下的包?
The synopsis for the command you want is as follows:您想要的命令的概要如下:
npm ls <pkg>@"<comparator>"
^ ^
Note: The double quotes are wrapped around the comparator part only.注意:双引号仅包含在比较器部分周围。
For instance:例如:
npm ls minimist@"<0.2.1"
^ ^
Any valid semver range comparators are permitted between the quotes.引号之间允许使用任何有效的 semver 范围比较器。 For example:例如:
npm ls minimist@"<=0.2.0 >=0.0.8"
^ ^
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.