[英]ENOLOCK npm ERR! Error while running npm audit fix
I am trying to install GLOBALLY a package with npm from my home directory.我正在尝试从我的主目录全局安装 package 和 npm。 After the install has completed, it indicates vulnerabilities.
安装完成后,它表明存在漏洞。 Upon trying to run
npm audit fix
, I obtain the following error.在尝试运行
npm audit fix
时,我收到以下错误。
npm ERR.
npm 错误。 code ENOLOCK npm ERR: audit This command requires an existing lockfile: npm ERR!
代码 ENOLOCK npm ERR:审计 此命令需要现有的锁定文件:npm ERR! audit Try creating one first with: npm i --package-lock-only npm ERR!
审计 尝试先创建一个: npm i --package-lock-only npm ERR! audit Original error: loadVirtual requires existing shrinkwrap file
审计原始错误:loadVirtual 需要现有的收缩包装文件
I understand that the error asks me to run npm i --package-lock-only
, but in which directory should I be creating this file?我了解该错误要求我运行
npm i --package-lock-only
,但我应该在哪个目录中创建此文件? Running the command without specifying a path does not work.在不指定路径的情况下运行命令不起作用。 I have also tried to create the file in the directory where the package was installed, but that has also not solved the issue.
我还尝试在安装 package 的目录中创建文件,但这也没有解决问题。 Also, why isn't this file present to start with?
另外,为什么这个文件一开始就不存在?
npm audit fix
is intended to fix vulnerabilities with the dependencies of your own project. npm audit fix
旨在修复您自己项目依赖项的漏洞。 Projects do have a package-lock.json
file.项目确实有一个
package-lock.json
文件。
It is not intended for globally installed packages.它不适用于全局安装的软件包。 If there are vulnerabilities with packages from others, they need to be fixed by the package maintainer in a new release.
如果其他人的软件包存在漏洞,则需要由 package 维护者在新版本中修复。 You can then update to this new release.
然后,您可以更新到这个新版本。
BTW, you should not use globally installed packages.顺便说一句,您不应该使用全局安装的软件包。 Use
npx
instead .改用
npx
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.