When I run npm audit, I see number of critical issues for ex: @angular/compiler-cli is listed in devDependencies.
High Arbitrary File Overwrite
Package tar
Patched in >=2.2.2 <3.0.0 || >=4.4.2
Dependency of @angular/compiler-cli [dev]
Path @angular/compiler-cli > chokidar > fsevents > node-pre-gyp >
tar
More info https://nodesecurity.io/advisories/803
I want to fix this issue, when I try to access @angular/compiler-cli inside node_modules, I don't find this package, though I have already ran npm install many times.
Let me know if dependencies and devDependencies are present in same node_modules
I don't think people should fix these issues in the node_modules or anywhere else in their local projects. Ideally the two options for fixing issues like this are clone the repo they come from, fix the issue and submit a merge/pull request and/or changing the version that you are using to one that doesn't have the error. With that being said, I think that dependencies are in node_modules.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.