NativeScript 8.0.0:NPM 漏洞在“3 高”和“30 高”之间切换
[英]NativeScript 8.0.0: NPM vulnerabilites switching between "3 high" to "30 high"
问题描述
I am currently working on a NativeScript project that uses NativeScript core ~8.0.0 and I just ran an npm install and realized that there are 3 high vulnerabilities.
我目前正在开发一个使用 NativeScript 核心 ~8.0.0 的 NativeScript 项目,我刚刚运行了npm install并意识到有 3 个高漏洞。 When I try to fix them using npm audit fix (even with --force flag) I end up having 30 hight vulnerabilites.当我尝试使用npm audit fix (即使使用--force标志)修复它们时,我最终有 30 个高漏洞。 Again npm audit fix leads to the original 3 high again.再次npm audit fix再次导致原始 3 高。
These seem to be due to @nativescript/webpack:5.0.0 which is the current version but relies on a vulnerable version of @pmmmwh/react-refresh-webpack-plugin .这些似乎是由于@nativescript/webpack:5.0.0这是当前版本,但依赖于@pmmmwh/react-refresh-webpack-plugin的易受攻击版本。
Any ideas on how to solve this problem?关于如何解决这个问题的任何想法?
Here is the detailed output of npm audit :这是npm audit的详细输出:
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix --force`
Will install @nativescript/webpack@4.1.0, which is a breaking change
node_modules/ansi-html
@pmmmwh/react-refresh-webpack-plugin <=0.5.0-rc.6
Depends on vulnerable versions of ansi-html
@nativescript/webpack >=5.0.0-alpha.0
Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
node_modules/@nativescript/webpack
1 个解决方案
解决方案1
0 2021-11-10 18:32:41
Nervermind, ns migrate did the trick. Nervermind, ns migrate成功了。
Still if anyone is facing a similar problem with the ansi-html package there is a solution for that in this answer .尽管如此,如果有人在ansi-html包中遇到类似的问题,在这个答案中有一个解决方案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.