Npm 和 Json 文件的问题

Question

So im new to coding and wanted to recode a program, but for doing that i need to get the programm running to understand it. However when i run npm install in the cmd this pops up

    up to date, audited 364 packages in 1s

16 packages are looking for funding
  run `npm fund` for details

5 moderate severity vulnerabilities

To address all issues, run:
  npm audit fix

Run `npm audit` for details.

I tried everything but cant get it to work (npm audit fix doesnt work) Do I need to update these packages? npm fund:

    Program@1.0.0
+-- https://github.com/chalk/chalk?sponsor=1
| | `-- chalk@4.1.2
| `-- https://github.com/chalk/ansi-styles?sponsor=1
|     `-- ansi-styles@4.3.0
+-- https://github.com/sponsors/isaacs
|   `-- glob@7.2.0, rimraf@3.0.2, json-stringify-nice@1.1.4, promise-all-reject-late@1.0.1, promise-call-limit@1.0.1
+-- https://github.com/sponsors/sindresorhus
|   `-- p-map@4.0.0, get-stream@5.2.0, p-limit@2.3.0
+-- https://github.com/sponsors/ljharb
|   `-- is-core-module@2.7.0
+-- https://github.com/sponsors/feross
|   `-- safe-buffer@5.2.1, buffer@5.7.1, base64-js@1.5.1, ieee754@1.2.1
`-- https://github.com/sponsors/epoberezkin
    `-- ajv@6.12.6

This happens when using audit fix --force

C:\Users\pepar\Desktop\program>npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit fix json-schema@0.2.3 node_modules/npm/node_modules/json-schema
npm WARN audit fix json-schema@0.2.3 is a bundled dependency of
npm WARN audit fix json-schema@0.2.3 npm@7.24.2 at node_modules/npm
npm WARN audit fix json-schema@0.2.3 It cannot be fixed automatically.
npm WARN audit fix json-schema@0.2.3 Check for updates to the npm package.
npm WARN audit fix ansi-regex@5.0.0 node_modules/npm/node_modules/cli-table3/node_modules/ansi-regex
npm WARN audit fix ansi-regex@5.0.0 is a bundled dependency of
npm WARN audit fix ansi-regex@5.0.0 npm@7.24.2 at node_modules/npm
npm WARN audit fix ansi-regex@5.0.0 It cannot be fixed automatically.
npm WARN audit fix ansi-regex@5.0.0 Check for updates to the npm package.
npm WARN audit fix ansi-regex@3.0.0 node_modules/npm/node_modules/string-width/node_modules/ansi-regex
npm WARN audit fix ansi-regex@3.0.0 is a bundled dependency of
npm WARN audit fix ansi-regex@3.0.0 npm@7.24.2 at node_modules/npm
npm WARN audit fix ansi-regex@3.0.0 It cannot be fixed automatically.
npm WARN audit fix ansi-regex@3.0.0 Check for updates to the npm package.
npm WARN audit fix jsprim@1.4.1 node_modules/npm/node_modules/jsprim
npm WARN audit fix jsprim@1.4.1 is a bundled dependency of
npm WARN audit fix jsprim@1.4.1 npm@7.24.2 at node_modules/npm
npm WARN audit fix jsprim@1.4.1 It cannot be fixed automatically.
npm WARN audit fix jsprim@1.4.1 Check for updates to the npm package.
npm WARN audit fix strip-ansi@4.0.0 node_modules/npm/node_modules/string-width/node_modules/strip-ansi
npm WARN audit fix strip-ansi@4.0.0 is a bundled dependency of
npm WARN audit fix strip-ansi@4.0.0 npm@7.24.2 at node_modules/npm
npm WARN audit fix strip-ansi@4.0.0 It cannot be fixed automatically.
npm WARN audit fix strip-ansi@4.0.0 Check for updates to the npm package.
npm WARN audit fix string-width@2.1.1 node_modules/npm/node_modules/string-width
npm WARN audit fix string-width@2.1.1 is a bundled dependency of
npm WARN audit fix string-width@2.1.1 npm@7.24.2 at node_modules/npm
npm WARN audit fix string-width@2.1.1 It cannot be fixed automatically.
npm WARN audit fix string-width@2.1.1 Check for updates to the npm package.

up to date, audited 364 packages in 2s

16 packages are looking for funding
  run `npm fund` for details

# npm audit report

ansi-regex  >2.1.1 <5.0.1
Severity: moderate
 Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/npm/node_modules/cli-table3/node_modules/ansi-regex
node_modules/npm/node_modules/string-width/node_modules/ansi-regex
  strip-ansi  4.0.0 - 5.2.0
  Depends on vulnerable versions of ansi-regex
  node_modules/npm/node_modules/string-width/node_modules/strip-ansi
    string-width  2.1.0 - 4.1.0
    Depends on vulnerable versions of strip-ansi
    node_modules/npm/node_modules/string-width

json-schema  <0.4.0
Severity: moderate
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/npm/node_modules/json-schema
  jsprim  0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
  Depends on vulnerable versions of json-schema
  node_modules/npm/node_modules/jsprim

5 moderate severity vulnerabilities

To address all issues, run:
  npm audit fix

Answer 1

What happens here is all fine.

The messages you see are not errors, and are normal. They just warn you that some dependencies (and dependencies of dependencies) have vulnerability issues that have been reported, and running the command npm audit fix --force just applies the fixes that have been released by upgrading those packages.

The reason it warns you is to let you know that some packages now have a newer version installed, and it may (extremely rarely, it never happened to me yet) break something if the newest version introduced a bug for example.

Also some packaged cannot be fixed automatically, and the reason for that are stated in the error message.

Answer 2

Firstly, You need to update packages using npm update --save/--save-dev -f . Then, issue this command: npm audit fix --force You can find more information about auditing here