[英]Parcel-Bundler cannot fix high vulnerabilities
I followed Kevin Powell's YT video on SASS and Parcel.我在 SASS 和 Parcel 上关注了 Kevin Powell 的 YT 视频。 I manage to get the SASS part up and running fine and managed to get the parcel-bundler working on one project fine...so up to that point everything is ok.
我设法让 SASS 零件正常运行,并设法让包裹打包机在一个项目上正常工作……所以到目前为止一切都很好。
Today I was creating a new project and followed all the required steps and when I got to installing Parcel via npm install parcel-bundler --save-dev
I'm getting 2 high severity vulnerabilities....I've ran the npm audit fix
command and the npm audit fix --force
as suggested but no luck on getting rid of the issue.今天我正在创建一个新项目并遵循所有必需的步骤,当我通过
npm install parcel-bundler --save-dev
安装 Parcel 时,我遇到了 2 个高严重性漏洞......我已经运行了npm audit fix
命令和npm audit fix --force
建议但没有运气摆脱这个问题。
Here's the output of the npm audit
这是
npm audit
的output
npm audit report
node-forge <=0.9.2
Severity: high
Prototype Pollution in node-forge - https://npmjs.com/advisories/1561
fix available via `npm audit fix --force`
Will install parcel-bundler@1.3.1, which is a breaking change
node_modules/node-forge
parcel-bundler >=1.4.0
Depends on vulnerable versions of node-forge
node_modules/parcel-bundler
2 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
I have tried all possible solutions that I could find on the issue, but for the life of me I can't get it to work.我已经尝试了所有可能的解决方案,我可以在这个问题上找到,但对于我的生活,我无法让它发挥作用。
I even did a test on both my PC and Laptop...my main PC is running Linux Mint 19.2 cinnamon and the laptop Window 10 and in both I get the same 2 vulnerabilities.我什至在我的 PC 和笔记本电脑上都进行了测试......我的主 PC 正在运行 Linux Mint 19.2 cinnamon 和笔记本电脑 Window 10 并且在两者中我都遇到了相同的 2 个漏洞。
How can I fix this?我怎样才能解决这个问题?
I had same issue this days.这几天我有同样的问题。 I tried everything possible, and only this worked
我尝试了一切可能,只有这个有效
npm add --dev parcel@next
or或者
npm add --include=dev parcel@next
If they don't work try also with:如果它们不起作用,请尝试以下方法:
npm install -D parcel@next
Its version 2.0.0-beta.1它的版本 2.0.0-beta.1
Also, I uninstall NodeJS, deleted users/{myName}/AppData/Roaming/npm directories, package.json, and node_modules.另外,我卸载了 NodeJS,删除了 users/{myName}/AppData/Roaming/npm 目录、package.json 和 node_modules。
Thanks @Stefan!谢谢@Stefan!
To summarize the steps I took to make it work was:总结一下我为使它工作而采取的步骤是:
Deleted all pre-existing.json, node_modules, cache folders and even the dist folder intended to hold the bundled code (html, css, etc.) to make sure I had a clean slate to begin with.删除了所有预先存在的.json、node_modules、缓存文件夹,甚至是用于保存捆绑代码(html、css 等)的 dist 文件夹,以确保我有一个干净的开始。
Then I initialized npm:然后我初始化了npm:
npm init -y
After that I added 'Parcel':之后我添加了“包裹”:
npm add --include=dev parcel@next
I fixed any issues by forcing the fix and making sure there was no issues whatsoever:我通过强制修复并确保没有任何问题来修复任何问题:
npm audit fix --force
And now the sweet part...I just ran Yarn and voilá, it works!现在是甜蜜的部分......我刚刚运行了 Yarn 并且瞧,它有效!
yarn parcel index.html
There is no need to worry about the vulnerabilities.无需担心漏洞。 You can just follow Kevin's steps in the video Sass with auto-refresh (and more) made easy
您可以按照视频Sass 中 Kevin 的步骤进行操作,自动刷新(以及更多)变得简单
and it all works fine.一切正常。
If you want to learn about the issue, check out this link, https://github.com/parcel-bundler/parcel/issues/5145如果您想了解该问题,请查看此链接https://github.com/parcel-bundler/parcel/issues/5145
Look at the screenshot attached看附上的截图
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.