Installing react-scripts causes vulnerabilities
I uninstalled react-scripts while trying to fix an error in the terminal. Now when I run npm install react-scripts it gives me this:
Cole@Coles-MacBook-Pro-4 client % npm i react-scripts
npm WARN deprecated @hapi/topo@3.1.6: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated babel-eslint@10.1.0: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated @hapi/address@2.1.4: Moved to 'npm install @sideway/address'
npm WARN deprecated rollup-plugin-babel@4.4.0: This package has been deprecated and is no longer maintained. Please use @rollup/plugin-babel.
npm WARN deprecated @hapi/hoek@8.5.1: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/joi@15.1.1: Switch to 'npm install joi'
npm WARN deprecated core-js@2.6.12: core-js@<3.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.
added 1881 packages, changed 1 package, and audited 1986 packages in 58s
138 packages are looking for funding
run `npm fund` for details
87 vulnerabilities (81 moderate, 6 high)
To address all issues, run:
npm audit fix
Run `npm audit` for details.
But when I run npm uninstall react-scripts it gives me this:
Cole@Coles-MacBook-Pro-4 client % npm uninstall react-scripts
removed 1882 packages, and audited 104 packages in 15s
4 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
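Obviously I do need react-scripts so that I can start my project in development. When I run npm start with react-scripts uninstalled, it gives me sh: react-scripts: command not found
How do I install react-scripts without causing vulnerabilities?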
EDIT: When I try npm audit fix, it gives me this nasty message:
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! Found: type-fest@0.21.3
npm ERR! node_modules/type-fest
npm ERR! type-fest@"^0.21.3" from ansi-escapes@4.3.2
npm ERR! node_modules/ansi-escapes
npm ERR! ansi-escapes@"^4.2.1" from @jest/core@26.6.3
npm ERR! node_modules/@jest/core
npm ERR! @jest/core@"^26.6.0" from jest@26.6.0
npm ERR! node_modules/jest
npm ERR! peer jest@"^26.0.0" from jest-watch-typeahead@0.6.1
npm ERR! node_modules/jest-watch-typeahead
npm ERR! 1 more (react-scripts)
npm ERR! 1 more (jest-cli)
npm ERR! ansi-escapes@"^4.3.1" from jest-watch-typeahead@0.6.1
npm ERR! node_modules/jest-watch-typeahead
npm ERR! jest-watch-typeahead@"0.6.1" from react-scripts@4.0.3
npm ERR! node_modules/react-scripts
npm ERR! react-scripts@"^4.0.3" from the root project
npm ERR! 2 more (jest-watcher, terminal-link)
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peerOptional type-fest@"^0.13.1" from @pmmmwh/react-refresh-webpack-plugin@0.4.3
npm ERR! node_modules/@pmmmwh/react-refresh-webpack-plugin
npm ERR! @pmmmwh/react-refresh-webpack-plugin@"0.4.3" from react-scripts@4.0.3
npm ERR! node_modules/react-scripts
npm ERR! react-scripts@"^4.0.3" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See /Users/Cole/.npm/eresolve-report.txt for a full report.
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/Cole/.npm/_logs/2021-05-26T13_04_40_793Z-debug.log
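Maybe I have to uninstall and reinstall the whole create-react-app package? I started a different project in a different folder, but the same problem still exists after typing npx create-react-app <name>. It sounds like my whole computer is messed up now.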
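How do I install react-scripts without causing vulnerabilities?
You can't. You have to wait for the author (in this case, Facebook) to update its dependencies to remove the vulnerabilities.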
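The ERESOLVE report in the question comes down to how caret ranges behave for 0.x versions: the installed type-fest@0.21.3 satisfies "^0.21.3" but not the peerOptional "^0.13.1". The sketch below is an added example, not part of the original question or answer; the function names are hypothetical and it handles only plain caret ranges on x.y.z versions.

```javascript
// Added example: evaluates the type-fest constraints from the ERESOLVE log above.
// A caret range pins the left-most non-zero component, so for 0.x versions
// "^0.13.1" means >=0.13.1 <0.14.0 (the minor number acts like a major).

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Exclusive upper bound of a caret range whose lower bound is [maj, min, pat].
function caretUpper([maj, min, pat]) {
  if (maj > 0) return [maj + 1, 0, 0];
  if (min > 0) return [0, min + 1, 0];
  return [0, 0, pat + 1];
}

function satisfiesCaret(version, range) {
  if (!range.startsWith("^")) throw new Error(`only caret ranges handled: ${range}`);
  const v = parseVersion(version);
  const low = parseVersion(range.slice(1));
  return compare(v, low) >= 0 && compare(v, caretUpper(low)) < 0;
}

// Three lines copied from the ERESOLVE output on this page.
const ERESOLVE_LINES = [
  'npm ERR! Found: type-fest@0.21.3',
  'npm ERR! type-fest@"^0.21.3" from ansi-escapes@4.3.2',
  'npm ERR! peerOptional type-fest@"^0.13.1" from @pmmmwh/react-refresh-webpack-plugin@0.4.3',
];

// For the package named on the "Found:" line, list each requirer and whether
// the installed version satisfies that requirer's range.
function explainConflict(lines) {
  const found = /Found: (\S+)@(\d+\.\d+\.\d+)$/.exec(lines.find(l => l.includes("Found:")));
  const [, name, version] = found;
  const edge = new RegExp(`${name}@"(\\^[\\d.]+)" from (\\S+)$`);
  return lines.map(l => edge.exec(l)).filter(Boolean).map(([, range, requiredBy]) =>
    ({ requiredBy, range, ok: satisfiesCaret(version, range) }));
}

console.log(explainConflict(ERESOLVE_LINES));
```

Both requirers are pulled in by react-scripts@4.0.3 itself, which is why the log says the conflict has to be fixed upstream.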