[英]How to resolve NPM audit vulnerabilities?
After running NPM audit I have identified 5 critical issues.在运行 NPM 审计后,我发现了 5 个关键问题。 I have tried updating
@storybook/addon-essentials
& @storybook/react
in order to resolve 4 of these as they say patched in >=xxx
which implies to me they have been resolved in the atleast the latest versions.我尝试更新
@storybook/addon-essentials
和@storybook/react
以解决其中的 4 个问题,因为他们说patched in >=xxx
这对我来说意味着它们至少在最新版本中得到了解决。
I ran npm i @storybook/addon-essentials@latest @storybook/react@latest
and can see package.json (and lock) have latest versions but running an audit again shows the same critical vulnerabilities.我跑了
npm i @storybook/addon-essentials@latest @storybook/react@latest
并且可以看到 package.json (并且再次运行审计漏洞)显示最新版本。
Is there something else I need to update in order to resolve these or have I done something wrong when updating to latest?为了解决这些问题,我是否需要更新其他内容,或者在更新到最新版本时我做错了什么?
There are also some moderate and high vulnerabilities but I have grepped just the critical in order to focus on them for now还有一些中度和高度漏洞,但我已经抓住了关键,以便现在专注于它们
I should also add we are using a private registery for our npm installs but it doesn't support audit so having to run npm audit --registry=https://registry.npmjs.org
against NPM registry.我还应该补充一点,我们正在为我们的 npm 安装使用私有注册表,但它不支持审计,因此必须针对 Z00A5CDC4BE82FD4BA549D52988EF9E 运行
npm audit --registry=https://registry.npmjs.org
。 Not sure if this will make a difference.不确定这是否会有所作为。
Try running npm audit fix
( Documentation )尝试运行
npm audit fix
(文档)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.