NativeScript 8.0.0: NPM vulnerabilities switching between "3 high" to "30 high"
I am currently working on a NativeScript project that uses NativeScript core ~8.0.0 and I just ran an npm install and realized that there are 3 high vulnerabilities. When I try to fix them using npm audit fix (even with --force flag) I end up having 30 high vulnerabilities. Again npm audit fix leads to the original 3 high again.
These seem to be due to @nativescript/webpack:5.0.0 which is the current version but relies on a vulnerable version of @pmmmwh/react-refresh-webpack-plugin.
Any ideas on how to solve this problem?
Here is the detailed output of npm audit:
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix --force`
Will install @nativescript/webpack@4.1.0, which is a breaking change
node_modules/ansi-html
@pmmmwh/react-refresh-webpack-plugin <=0.5.0-rc.6
Depends on vulnerable versions of ansi-html
@nativescript/webpack >=5.0.0-alpha.0
Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
node_modules/@nativescript/webpack
Nevermind, ns migrate did the trick.
Still if anyone is facing a similar problem with the ansi-html package there is a solution for that in this answer.
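Added example (not part of the original post, and not npm or NativeScript code): a Node.js sketch that groups an npm audit report by root advisory, showing that the 3 "high" entries quoted above are one ansi-html advisory counted once per package in the chain, and that the only fix on offer is a forced, semver-major change of @nativescript/webpack. The sample report is constructed in the shape of `npm audit --json` (npm 7+), and `summarizeAudit` is a hypothetical helper name.

```javascript
// Constructed sample shaped like `npm audit --json` output (npm 7+), reduced to the
// fields used below; package names and the advisory URL come from the question.
const forced = { name: "@nativescript/webpack", version: "4.1.0", isSemVerMajor: true };
const sampleReport = {
  vulnerabilities: {
    "ansi-html": { isDirect: false, fixAvailable: forced,
      via: [{ url: "https://github.com/advisories/GHSA-whgm-jr23-g3j9" }],
      effects: ["@pmmmwh/react-refresh-webpack-plugin"] },
    "@pmmmwh/react-refresh-webpack-plugin": { isDirect: false, fixAvailable: forced,
      via: ["ansi-html"], effects: ["@nativescript/webpack"] },
    "@nativescript/webpack": { isDirect: true, fixAvailable: forced,
      via: ["@pmmmwh/react-refresh-webpack-plugin"], effects: [] },
  },
};

// Group the reported entries by the advisory that actually causes them.
function summarizeAudit(report) {
  const vulns = report.vulnerabilities || {};
  const roots = [];
  for (const [name, entry] of Object.entries(vulns)) {
    // Objects in `via` are advisories; strings name another vulnerable package.
    const advisories = entry.via.filter((v) => typeof v === "object");
    if (advisories.length === 0) continue;
    // Follow `effects` upward to collect every package flagged because of this one.
    const affected = new Set();
    const stack = [name];
    while (stack.length > 0) {
      const pkg = stack.pop();
      if (affected.has(pkg) || !vulns[pkg]) continue;
      affected.add(pkg);
      stack.push(...vulns[pkg].effects);
    }
    const fix = entry.fixAvailable;
    roots.push({
      root: name,
      advisories: advisories.map((a) => a.url),
      affected: [...affected],
      // Entries from your own package.json: the ones you can actually upgrade.
      direct: [...affected].filter((p) => vulns[p].isDirect),
      // fixAvailable is an object only when the fix needs `--force`.
      forcedFix: fix && typeof fix === "object" ? fix : null,
    });
  }
  return { reportedCount: Object.keys(vulns).length, roots };
}

console.log(JSON.stringify(summarizeAudit(sampleReport), null, 2));
```

To run it against a real project, replace `sampleReport` with the parsed output of `npm audit --json`.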