Parcel-Bundler 无法修复高漏洞
[英]Parcel-Bundler cannot fix high vulnerabilities
问题描述
I followed Kevin Powell's YT video on SASS and Parcel.
我在 SASS 和 Parcel 上关注了 Kevin Powell 的 YT 视频。 I manage to get the SASS part up and running fine and managed to get the parcel-bundler working on one project fine...so up to that point everything is ok.我设法让 SASS 零件正常运行,并设法让包裹打包机在一个项目上正常工作……所以到目前为止一切都很好。
Today I was creating a new project and followed all the required steps and when I got to installing Parcel via npm install parcel-bundler --save-dev I'm getting 2 high severity vulnerabilities....I've ran the npm audit fix command and the npm audit fix --force as suggested but no luck on getting rid of the issue.今天我正在创建一个新项目并遵循所有必需的步骤,当我通过npm install parcel-bundler --save-dev安装 Parcel 时,我遇到了 2 个高严重性漏洞......我已经运行了npm audit fix命令和npm audit fix --force建议但没有运气摆脱这个问题。
Here's the output of the npm audit这是npm audit的output
npm audit report
node-forge <=0.9.2
Severity: high
Prototype Pollution in node-forge - https://npmjs.com/advisories/1561
fix available via `npm audit fix --force`
Will install parcel-bundler@1.3.1, which is a breaking change
node_modules/node-forge
parcel-bundler >=1.4.0
Depends on vulnerable versions of node-forge
node_modules/parcel-bundler
2 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
I have tried all possible solutions that I could find on the issue, but for the life of me I can't get it to work.我已经尝试了所有可能的解决方案,我可以在这个问题上找到,但对于我的生活,我无法让它发挥作用。
I even did a test on both my PC and Laptop...my main PC is running Linux Mint 19.2 cinnamon and the laptop Window 10 and in both I get the same 2 vulnerabilities.我什至在我的 PC 和笔记本电脑上都进行了测试......我的主 PC 正在运行 Linux Mint 19.2 cinnamon 和笔记本电脑 Window 10 并且在两者中我都遇到了相同的 2 个漏洞。
How can I fix this?我怎样才能解决这个问题?
3 个解决方案
解决方案1
0 2021-03-11 00:37:21
I had same issue this days.这几天我有同样的问题。 I tried everything possible, and only this worked我尝试了一切可能,只有这个有效
npm add --dev parcel@next
or或者
npm add --include=dev parcel@next
If they don't work try also with:如果它们不起作用,请尝试以下方法:
npm install -D parcel@next
Its version 2.0.0-beta.1它的版本 2.0.0-beta.1
Also, I uninstall NodeJS, deleted users/{myName}/AppData/Roaming/npm directories, package.json, and node_modules.另外,我卸载了 NodeJS,删除了 users/{myName}/AppData/Roaming/npm 目录、package.json 和 node_modules。
解决方案2
0 2021-03-15 03:45:10
Thanks @Stefan!谢谢@Stefan!
To summarize the steps I took to make it work was:总结一下我为使它工作而采取的步骤是:
Deleted all pre-existing.json, node_modules, cache folders and even the dist folder intended to hold the bundled code (html, css, etc.) to make sure I had a clean slate to begin with.删除了所有预先存在的.json、node_modules、缓存文件夹,甚至是用于保存捆绑代码(html、css 等)的 dist 文件夹,以确保我有一个干净的开始。
Then I initialized npm:然后我初始化了npm:
npm init -y
After that I added 'Parcel':之后我添加了“包裹”:
npm add --include=dev parcel@next
I fixed any issues by forcing the fix and making sure there was no issues whatsoever:我通过强制修复并确保没有任何问题来修复任何问题:
npm audit fix --force
And now the sweet part...I just ran Yarn and voilá, it works!现在是甜蜜的部分......我刚刚运行了 Yarn 并且瞧,它有效!
yarn parcel index.html
- npm version: 7.6.3 npm 版本:7.6.3
- parcel version: 2.0.0-beta.1包裹版本:2.0.0-beta.1
- yarn version: 1.22.5纱线版本:1.22.5
解决方案3
0 2021-07-27 19:04:02
There is no need to worry about the vulnerabilities.无需担心漏洞。 You can just follow Kevin's steps in the video Sass with auto-refresh (and more) made easy您可以按照视频Sass 中 Kevin 的步骤进行操作,自动刷新(以及更多)变得简单
and it all works fine.一切正常。
If you want to learn about the issue, check out this link, https://github.com/parcel-bundler/parcel/issues/5145如果您想了解该问题,请查看此链接https://github.com/parcel-bundler/parcel/issues/5145
Look at the screenshot attached看附上的截图
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.