
How to resolve NPM audit vulnerabilities?

After running NPM audit I have identified 5 critical issues. I have tried updating @storybook/addon-essentials & @storybook/react in order to resolve 4 of these as they say patched in >=xxx which implies to me they have been resolved in at least the latest versions.

I ran npm i @storybook/addon-essentials@latest @storybook/react@latest and can see package.json (and lock) have latest versions but running an audit again shows the same critical vulnerabilities.

Is there something else I need to update in order to resolve these or have I done something wrong when updating to latest?

There are also some moderate and high vulnerabilities but I have grepped just the critical in order to focus on them for now.

I should also add we are using a private registry for our npm installs but it doesn't support audit so I am having to run npm audit --registry=https://registry.npmjs.org against the NPM registry. Not sure if this will make a difference.


Try running npm audit fix (Documentation)
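
To see which direct dependency pulls in each critical finding and what fix npm proposes, the JSON report can be summarised instead of grepped. This is an added example, not part of the original question or answer; it assumes the report layout that `npm audit --json` emits on npm 7 and later, and the sample report, package names and advisory URL in it are constructed.

```javascript
// Summarise critical findings from an `npm audit --json` report (npm 7+ layout).
// SAMPLE_REPORT is constructed: package names, ranges and advisory URL are hypothetical.
const FIX = { name: "@example/ui-addon", version: "7.0.0", isSemVerMajor: true };
const SAMPLE_REPORT = {
  vulnerabilities: {
    "example-parser": {
      name: "example-parser", severity: "critical", isDirect: false,
      via: [{ title: "Constructed advisory", url: "https://example.invalid/advisory/1" }],
      effects: ["example-bundler"], range: "<2.0.1", fixAvailable: FIX,
    },
    "example-bundler": {
      name: "example-bundler", severity: "critical", isDirect: false,
      via: ["example-parser"], effects: ["@example/ui-addon"], range: "<=5.3.0", fixAvailable: FIX,
    },
    "@example/ui-addon": {
      name: "@example/ui-addon", severity: "critical", isDirect: true,
      via: ["example-bundler"], effects: [], range: "<=6.4.0", fixAvailable: FIX,
    },
  },
};

// Follow `effects` upward to the direct dependencies that pull a package in.
function directRoots(vulns, name, seen = new Set()) {
  if (seen.has(name) || !vulns[name]) return [];
  seen.add(name);
  const own = vulns[name].isDirect ? [name] : [];
  return own.concat(...vulns[name].effects.map((p) => directRoots(vulns, p, seen)));
}

// fixAvailable is false, true, or an object naming the package to install.
function describeFix(fix) {
  if (fix === true) return "npm audit fix";
  if (!fix) return "no fix available";
  return `npm install ${fix.name}@${fix.version}` + (fix.isSemVerMajor ? " (semver-major)" : "");
}

// Keep only packages that carry their own advisory at the requested severity.
function summarize(report, severity = "critical") {
  const vulns = report.vulnerabilities || {};
  return Object.values(vulns)
    .filter((v) => v.severity === severity && v.via.some((x) => typeof x === "object"))
    .map((v) => ({
      package: v.name, range: v.range, direct: v.isDirect,
      advisories: v.via.filter((x) => typeof x === "object").map((x) => x.url),
      pulledInBy: directRoots(vulns, v.name),
      fix: describeFix(v.fixAvailable),
    }));
}
console.log(JSON.stringify(summarize(SAMPLE_REPORT), null, 2));
```

For a real project, pass `summarize` the parsed output of `npm audit --json --registry=https://registry.npmjs.org` in place of the sample.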
