[英]Problems with Npm and Json file
So im new to coding and wanted to recode a program, but for doing that i need to get the programm running to understand it.所以我是编码新手,想重新编码一个程序,但为此我需要让程序运行才能理解它。 However when i run npm install in the cmd this pops up
但是,当我运行 npm 安装在 cmd 中时,这会弹出
up to date, audited 364 packages in 1s
16 packages are looking for funding
run `npm fund` for details
5 moderate severity vulnerabilities
To address all issues, run:
npm audit fix
Run `npm audit` for details.
I tried everything but cant get it to work (npm audit fix doesnt work) Do I need to update these packages?我尝试了所有方法,但无法正常工作(npm audit fix 不起作用)我需要更新这些软件包吗? npm fund:
npm基金:
Program@1.0.0
+-- https://github.com/chalk/chalk?sponsor=1
| | `-- chalk@4.1.2
| `-- https://github.com/chalk/ansi-styles?sponsor=1
| `-- ansi-styles@4.3.0
+-- https://github.com/sponsors/isaacs
| `-- glob@7.2.0, rimraf@3.0.2, json-stringify-nice@1.1.4, promise-all-reject-late@1.0.1, promise-call-limit@1.0.1
+-- https://github.com/sponsors/sindresorhus
| `-- p-map@4.0.0, get-stream@5.2.0, p-limit@2.3.0
+-- https://github.com/sponsors/ljharb
| `-- is-core-module@2.7.0
+-- https://github.com/sponsors/feross
| `-- safe-buffer@5.2.1, buffer@5.7.1, base64-js@1.5.1, ieee754@1.2.1
`-- https://github.com/sponsors/epoberezkin
`-- ajv@6.12.6
This happens when using audit fix --force使用 audit fix --force 时会发生这种情况
C:\Users\pepar\Desktop\program>npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit fix json-schema@0.2.3 node_modules/npm/node_modules/json-schema
npm WARN audit fix json-schema@0.2.3 is a bundled dependency of
npm WARN audit fix json-schema@0.2.3 npm@7.24.2 at node_modules/npm
npm WARN audit fix json-schema@0.2.3 It cannot be fixed automatically.
npm WARN audit fix json-schema@0.2.3 Check for updates to the npm package.
npm WARN audit fix ansi-regex@5.0.0 node_modules/npm/node_modules/cli-table3/node_modules/ansi-regex
npm WARN audit fix ansi-regex@5.0.0 is a bundled dependency of
npm WARN audit fix ansi-regex@5.0.0 npm@7.24.2 at node_modules/npm
npm WARN audit fix ansi-regex@5.0.0 It cannot be fixed automatically.
npm WARN audit fix ansi-regex@5.0.0 Check for updates to the npm package.
npm WARN audit fix ansi-regex@3.0.0 node_modules/npm/node_modules/string-width/node_modules/ansi-regex
npm WARN audit fix ansi-regex@3.0.0 is a bundled dependency of
npm WARN audit fix ansi-regex@3.0.0 npm@7.24.2 at node_modules/npm
npm WARN audit fix ansi-regex@3.0.0 It cannot be fixed automatically.
npm WARN audit fix ansi-regex@3.0.0 Check for updates to the npm package.
npm WARN audit fix jsprim@1.4.1 node_modules/npm/node_modules/jsprim
npm WARN audit fix jsprim@1.4.1 is a bundled dependency of
npm WARN audit fix jsprim@1.4.1 npm@7.24.2 at node_modules/npm
npm WARN audit fix jsprim@1.4.1 It cannot be fixed automatically.
npm WARN audit fix jsprim@1.4.1 Check for updates to the npm package.
npm WARN audit fix strip-ansi@4.0.0 node_modules/npm/node_modules/string-width/node_modules/strip-ansi
npm WARN audit fix strip-ansi@4.0.0 is a bundled dependency of
npm WARN audit fix strip-ansi@4.0.0 npm@7.24.2 at node_modules/npm
npm WARN audit fix strip-ansi@4.0.0 It cannot be fixed automatically.
npm WARN audit fix strip-ansi@4.0.0 Check for updates to the npm package.
npm WARN audit fix string-width@2.1.1 node_modules/npm/node_modules/string-width
npm WARN audit fix string-width@2.1.1 is a bundled dependency of
npm WARN audit fix string-width@2.1.1 npm@7.24.2 at node_modules/npm
npm WARN audit fix string-width@2.1.1 It cannot be fixed automatically.
npm WARN audit fix string-width@2.1.1 Check for updates to the npm package.
up to date, audited 364 packages in 2s
16 packages are looking for funding
run `npm fund` for details
# npm audit report
ansi-regex >2.1.1 <5.0.1
Severity: moderate
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/npm/node_modules/cli-table3/node_modules/ansi-regex
node_modules/npm/node_modules/string-width/node_modules/ansi-regex
strip-ansi 4.0.0 - 5.2.0
Depends on vulnerable versions of ansi-regex
node_modules/npm/node_modules/string-width/node_modules/strip-ansi
string-width 2.1.0 - 4.1.0
Depends on vulnerable versions of strip-ansi
node_modules/npm/node_modules/string-width
json-schema <0.4.0
Severity: moderate
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/npm/node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/npm/node_modules/jsprim
5 moderate severity vulnerabilities
To address all issues, run:
npm audit fix
What happens here is all fine.这里发生的一切都很好。
The messages you see are not errors, and are normal.您看到的消息不是错误,是正常的。 They just warn you that some dependencies (and dependencies of dependencies) have vulnerability issues that have been reported, and running the command
npm audit fix --force
just applies the fixes that have been released by upgrading those packages.他们只是警告您某些依赖项(以及依赖项的依赖项)存在已报告的漏洞问题,并且运行命令
npm audit fix --force
只会应用通过升级这些软件包发布的修复程序。
The reason it warns you is to let you know that some packages now have a newer version installed, and it may (extremely rarely, it never happened to me yet) break something if the newest version introduced a bug for example.它警告您的原因是让您知道某些软件包现在安装了较新的版本,如果最新版本引入了错误,它可能(非常罕见,它从未发生在我身上)会破坏某些东西。
Also some packaged cannot be fixed automatically, and the reason for that are stated in the error message.还有一些打包的不能自动修复,错误信息中说明了原因。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.