安裝 react-scripts 會導致漏洞

Question

我卸載了試圖修復終端錯誤的反應腳本。 現在當我運行npm install react-scripts它給了我這個：

Cole@Coles-MacBook-Pro-4 client % npm i react-scripts
npm WARN deprecated @hapi/topo@3.1.6: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated babel-eslint@10.1.0: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated @hapi/address@2.1.4: Moved to 'npm install @sideway/address'
npm WARN deprecated rollup-plugin-babel@4.4.0: This package has been deprecated and is no longer maintained. Please use @rollup/plugin-babel.
npm WARN deprecated @hapi/hoek@8.5.1: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/joi@15.1.1: Switch to 'npm install joi'
npm WARN deprecated core-js@2.6.12: core-js@<3.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.

added 1881 packages, changed 1 package, and audited 1986 packages in 58s

138 packages are looking for funding
  run `npm fund` for details

87 vulnerabilities (81 moderate, 6 high)

To address all issues, run:
  npm audit fix

Run `npm audit` for details.

但是當我運行npm uninstall react-scripts它給了我這個：

Cole@Coles-MacBook-Pro-4 client % npm uninstall react-scripts

removed 1882 packages, and audited 104 packages in 15s

4 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

顯然我確實需要 react-scripts 以便我可以在開發中啟動我的項目。 當我在卸載 react-scripts 的情況下運行npm start ，它給了我sh: react-scripts: command not found

如何在不導致漏洞的情況下安裝 react-scripts？

編輯：當我嘗試npm audit fix時，它給了我這個討厭的消息：

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! Found: type-fest@0.21.3
npm ERR! node_modules/type-fest
npm ERR!   type-fest@"^0.21.3" from ansi-escapes@4.3.2
npm ERR!   node_modules/ansi-escapes
npm ERR!     ansi-escapes@"^4.2.1" from @jest/core@26.6.3
npm ERR!     node_modules/@jest/core
npm ERR!       @jest/core@"^26.6.0" from jest@26.6.0
npm ERR!       node_modules/jest
npm ERR!         peer jest@"^26.0.0" from jest-watch-typeahead@0.6.1
npm ERR!         node_modules/jest-watch-typeahead
npm ERR!         1 more (react-scripts)
npm ERR!       1 more (jest-cli)
npm ERR!     ansi-escapes@"^4.3.1" from jest-watch-typeahead@0.6.1
npm ERR!     node_modules/jest-watch-typeahead
npm ERR!       jest-watch-typeahead@"0.6.1" from react-scripts@4.0.3
npm ERR!       node_modules/react-scripts
npm ERR!         react-scripts@"^4.0.3" from the root project
npm ERR!     2 more (jest-watcher, terminal-link)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peerOptional type-fest@"^0.13.1" from @pmmmwh/react-refresh-webpack-plugin@0.4.3
npm ERR! node_modules/@pmmmwh/react-refresh-webpack-plugin
npm ERR!   @pmmmwh/react-refresh-webpack-plugin@"0.4.3" from react-scripts@4.0.3
npm ERR!   node_modules/react-scripts
npm ERR!     react-scripts@"^4.0.3" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /Users/Cole/.npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/Cole/.npm/_logs/2021-05-26T13_04_40_793Z-debug.log

也許我必須卸載並重新安裝整個 create-react-app package？ 我在不同的文件夾中啟動了一個不同的項目，但在輸入npx create-react-app <name>后仍然存在相同的問題。 聽起來我的整個電腦現在都搞砸了。

Answer 1

如何在不導致漏洞的情況下安裝 react-scripts？

你不能。 您必須等待作者（在本例中為 Facebook）更新其依賴項以消除漏洞。