I'm trying to use npm ls to find the source of security warnings. The docs mention that:
Positional arguments are name@version-range identifiers, which will limit the results to only the paths to the packages named.
I'm fixing CVE-2020-7598 for package minimist, which says:
CVE-2020-7598 Vulnerable versions: < 0.2.1 Patched version: 0.2.1
Now npm ls minimist gives all dependencies tracked, but I want to do it for the specific range. So I've tried:
npm ls "minimist<0.2.1"
gives The system cannot find the file specified.
npm ls "minimist@<0.2.1"
gives The system cannot find the file specified.
npm ls "minimist@<=0.2.0"
gives The system cannot find the file specified.
npm ls "minimist@0.2.0"
gives -- (empty)
(which makes sense because e.g. 0.0.8 is in my tree)
So, how can I make npm ls return packages below a certain version in my dependency tree?
The synopsis for the command you want is as follows:
npm ls <pkg>@"<comparator>"
             ^            ^
Note: The double quotes are wrapped around the comparator part only.
For instance:
npm ls minimist@"<0.2.1"
                ^      ^
Any valid semver range comparators are permitted between the quotes. For example:
npm ls minimist@"<=0.2.0 >=0.0.8"
                ^               ^
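An alternative that sidesteps shell quoting entirely, as an added example that is not part of the original question or answer: read the JSON that npm ls emits and list every dependency path to a version below the patched one. The function names and the sample tree are constructed for illustration, and the version comparison handles plain x.y.z versions only.

```javascript
// Added example: find every path to a package below a patched version in
// `npm ls --json` output, so no range has to survive shell quoting.

// Compare two plain x.y.z versions (prerelease tags ignored: simplification).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the tree and collect dependency paths to `name` versions < `patched`.
function findVulnerablePaths(tree, name, patched) {
  const hits = [];
  (function walk(node, trail) {
    for (const [dep, info] of Object.entries(node.dependencies || {})) {
      const here = trail.concat(`${dep}@${info.version || '?'}`);
      // Entries without a version (e.g. missing packages) are skipped.
      if (dep === name && info.version &&
          compareVersions(info.version, patched) < 0) {
        hits.push(here.join(' > '));
      }
      walk(info, here);
    }
  })(tree, [`${tree.name}@${tree.version}`]);
  return hits;
}

// Constructed sample shaped like `npm ls --json` output (not real project data).
const sampleTree = {
  name: 'demo-app', version: '1.0.0',
  dependencies: {
    mkdirp: { version: '0.5.1', dependencies: { minimist: { version: '0.0.8' } } },
    rc: { version: '1.2.8', dependencies: { minimist: { version: '1.2.5' } } },
    optimist: { version: '0.6.1', dependencies: { minimist: { version: '0.0.10' } } },
  },
};

// The patched version 0.2.1 is the one quoted in the question.
for (const p of findVulnerablePaths(sampleTree, 'minimist', '0.2.1')) {
  console.log(p);
}
```

To run it against a real project, parse the output of npm ls --json (with --all on npm 7 and later) and pass the resulting object in place of sampleTree.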