
We found a potential security vulnerability in one of your dependencies

I uploaded my node.js project on GitHub and used MongoDB. Now it's showing "1 mongoose vulnerability found in package-lock.json". I tried to fix the issue using the "npm audit fix" command; it's showing:

npm WARN contact_list@1.0.0 No repository field.

removed 1 package in 0.767s

2 packages are looking for funding run npm fund for details

fixed 0 of 0 vulnerabilities in 94 scanned packages

So where is the problem?

GitHub, npm, Snyk and WhiteSource each have their own list of vulnerabilities. Most they have in common, but some are only detected by specific tools. This has been a big frustration of mine.

GitHub uses Dependabot to check your dependencies. Fortunately, Dependabot can also fix the detected vulnerability for you or tell you exactly what command to execute.
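When the GitHub alert and `npm audit` disagree as in the question, a useful first check is which versions of the flagged package `package-lock.json` actually pins, so they can be compared with the affected range shown in the alert. The following is an added example, not part of the original posts; the function name, lockfile contents and version numbers are constructed for illustration.

```javascript
// Added example: list every locked copy of a package in a parsed package-lock.json.
// Handles lockfileVersion 2/3 (flat "packages" map keyed by install path) and
// lockfileVersion 1 (nested "dependencies" tree).
// Real use: pass JSON.parse(fs.readFileSync("package-lock.json", "utf8")).
function findLockedVersions(lock, name) {
  const hits = [];
  if (lock.packages) {
    const suffix = "node_modules/" + name;
    for (const [path, entry] of Object.entries(lock.packages)) {
      // Match top-level and nested copies, but not packages that merely end in `name`.
      if (path === suffix || path.endsWith("/" + suffix)) {
        hits.push({ path, version: entry.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [dep, entry] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + dep;
      if (dep === name) hits.push({ path, version: entry.version });
      walk(entry.dependencies, path + "/"); // nested copies live under the parent
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed lockfiles (versions are placeholders, not real advisory data).
const sampleV2 = {
  lockfileVersion: 2,
  packages: {
    "": { name: "contact_list", version: "1.0.0" },
    "node_modules/mongoose": { version: "5.0.0" },
    "node_modules/not-mongoose": { version: "1.0.0" },
    "node_modules/some-tool/node_modules/mongoose": { version: "4.0.0" },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    mongoose: { version: "5.0.0" },
    "some-tool": { version: "1.0.0", dependencies: { mongoose: { version: "4.0.0" } } },
  },
};

for (const hit of findLockedVersions(sampleV2, "mongoose")) {
  console.log(`${hit.path} -> ${hit.version}`);
}
```

A nested copy pinned by another dependency shows up here even when the top-level version is current, which is one reason a lockfile scanner can flag a package that looks up to date in `package.json`.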
