[英]With nestjs / node / npm project how to override a transitive dependency
I have a nestjs / node / npm project and trying to override a transitive dependency due to security vulnerability.我有一个nestjs / node / npm 项目并且由于安全漏洞而试图覆盖传递依赖。
The project that seems to include it is:似乎包括它的项目是:
"@nestjs/common": "7.6.18", "@nestjs/common": "7.6.18",
And that project includes axios 0.21.1, I want to upgrade to axios 0.21.2该项目包括 axios 0.21.1,我想升级到 axios 0.21.2
In my package.json I tried using the overrides feature with the following.在我的 package.json 中,我尝试使用以下覆盖功能。
},
"overrides": {
"axios": "0.21.2"
},
"jest": {
But then I get this entry when I run npm list.但是当我运行 npm 列表时,我得到了这个条目。
npm list --depth=4 npm 列表 --depth=4
│ ├─┬ axios@0.21.1 invalid: "0.21.2" from node_modules/@nestjs/common │ ├─┬ axios@0.21.1 invalid: "0.21.2" from node_modules/@nestjs/common
And only seems to include axios 0.21.2.而且似乎只包括 axios 0.21.2。
How do I upgrade a transitive dependency.如何升级传递依赖项。
I am mostly using the nest wrappers:我主要使用嵌套包装器:
nest build, etc筑巢等
npm --version - 8.3.1 npm --版本-8.3.1
node --version - v17.4.0节点--版本-v17.4.0
You can try resolutions in npm -您可以尝试 npm 中的分辨率 -
{
"resolutions": {
"axios": "0.21.2"
}
}
And then force to install it using preinstall.然后强制使用预安装来安装它。
"scripts": {
"preinstall": "npx npm-force-resolutions"
}
https://www.npmjs.com/package/npm-force-resolutions https://www.npmjs.com/package/npm-force-resolutions
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.