[英]npm upgrade and npm audit fix: problems with vulnerabilities (upgrading react-scripts)
如果我運行npm upgrade
或npm upgrade react-scripts
我總是收到類似的消息
added 84 packages, removed 249 packages, changed 428 packages, and audited 1245 packages in 57s
179 packages are looking for funding
run `npm fund` for details
6 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
所以我嘗試npm audit fix --force
並獲得關於依賴關系和文本的長報告
66 vulnerabilities (15 low, 26 moderate, 24 high, 1 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
我按照以下步驟運行npm audit fix --force
女巫導致錯誤:
npm ERR! code ERR_INVALID_ARG_TYPE
npm ERR! The "from" argument must be of type string. Received undefined
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\{user}\AppData\Local\npm-cache\_logs\2022-05-09T15_11_33_120Z-debug-0.log
如果我嘗試運行npm audit fix --force
而不是npm audit fix
,我會得到以下信息:
nth-check <2.0.1
Severity: moderate
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@2.1.3, which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/@svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of @svgr/webpack
node_modules/react-scripts
6 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
不,再次運行npm audit fix --force
沒有幫助。
有人可以幫助我嗎?
由於新版本 6.3.0 沒有正確的 @svgo 和 @svgr,我們將無法訪問這些模塊。 所以,我的建議是使用舊版本 5.2.0。
不要使用最新版本,而是使用舊版本
npm install react-router-dom@5.2.0
通過在 promt 中運行上述代碼,我們可以訪問“react-router-dom”的所有服務。
謝謝 :)
我也被這個問題掛斷了,並通過將我的 npm 版本更新到最新版本來解決這個問題,然后對於特定的 package 我試圖更新它首先導致問題,我卸載並重新安裝它。 我仍然收到 69 個漏洞消息,但更新確實有效。 祝你好運!
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.