Going round in vulnerability circles installing firebase-tools npm
I am trying to install firebase tools. But I ran into this error:
# npm audit report
express <=4.17.2 || 5.0.0-alpha.1 - 5.0.0-alpha.8
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
Depends on vulnerable versions of qs
fix available via `npm audit fix`
node_modules/firebase-tools/node_modules/express
got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install firebase-tools@1.2.0, which is a breaking change
node_modules/firebase-tools/node_modules/got
package-json <=6.5.0
Depends on vulnerable versions of got
node_modules/firebase-tools/node_modules/package-json
latest-version 0.2.0 - 5.1.0
Depends on vulnerable versions of package-json
node_modules/firebase-tools/node_modules/latest-version
update-notifier 0.2.0 - 5.1.0
Depends on vulnerable versions of latest-version
node_modules/firebase-tools/node_modules/superstatic/node_modules/update-notifier
node_modules/firebase-tools/node_modules/update-notifier
firebase-tools >=2.0.0
Depends on vulnerable versions of update-notifier
node_modules/firebase-tools
superstatic >=0.12.11
Depends on vulnerable versions of update-notifier
node_modules/firebase-tools/node_modules/superstatic
minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/firebase-tools/node_modules/minimatch
qs 6.5.0 - 6.5.2 || 6.7.0 - 6.7.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/firebase-tools/node_modules/qs
node_modules/firebase-tools/node_modules/request/node_modules/qs
body-parser 1.19.0
Depends on vulnerable versions of qs
node_modules/firebase-tools/node_modules/body-parser
express <=4.17.2 || 5.0.0-alpha.1 - 5.0.0-alpha.8
Depends on vulnerable versions of qs
node_modules/firebase-tools/node_modules/express
10 vulnerabilities (6 moderate, 4 high)
When I run:
npm audit fix // or
npm audit fix --force
I get the exact same errors.
I then tried to see whether manually updating the packages would help, for example by running:
npm install qs@latest
But I ran into the exact same problem.
I also have
Why can't I seem to break out of this loop?
Solved:
I managed to get around it by using the automatic install script, instead of npm, from https://firebase.google.com/docs/cli#mac-linux-auto-script:
curl -sL https://firebase.tools | bash
I can now use firebase init,
log in and deploy.... Wow!
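Every install path in the audit report above sits at or under node_modules/firebase-tools, so a top-level `npm install qs@latest` adds a separate copy and leaves the flagged nested ones in place. The following is an added example, not part of the original post: it parses that report layout and groups findings by the top-level package that owns them. The function names and the embedded report excerpt are constructed for illustration.

```javascript
// Constructed sample: three entries in the same layout as the audit report above.
const SAMPLE_REPORT = [
  "got <11.8.5",
  "Severity: moderate",
  "Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97",
  "node_modules/firebase-tools/node_modules/got",
  "firebase-tools >=2.0.0",
  "Depends on vulnerable versions of update-notifier",
  "node_modules/firebase-tools",
  "qs 6.5.0 - 6.5.2 || 6.7.0 - 6.7.2",
  "Severity: high",
  "node_modules/firebase-tools/node_modules/qs",
  "node_modules/firebase-tools/node_modules/request/node_modules/qs",
].join("\n");

// "node_modules/a/node_modules/b" -> ["a", "b"]; scoped names such as "@scope/pkg" stay whole.
function dependencyChain(installPath) {
  return installPath.split("node_modules/").filter(Boolean).map((s) => s.replace(/\/$/, ""));
}

// Group every install path in the report by the top-level package that owns it.
function classifyFindings(report) {
  const direct = new Set();
  const nested = new Map(); // top-level owner -> Set of vulnerable packages inside it
  for (const line of report.split(/\r?\n/)) {
    const path = line.trim();
    if (!path.startsWith("node_modules/")) continue; // skip names, severities, advisories
    const chain = dependencyChain(path);
    const pkg = chain[chain.length - 1];
    if (chain.length === 1) { direct.add(pkg); continue; }
    if (!nested.has(chain[0])) nested.set(chain[0], new Set());
    nested.get(chain[0]).add(pkg);
  }
  return { direct: [...direct], nested: Object.fromEntries([...nested].map(([k, v]) => [k, [...v]])) };
}

// `npm install <name>@latest` in the project writes node_modules/<name>; it only
// replaces a flagged copy if the report lists exactly that path.
function topLevelInstallReplaces(report, name) {
  return report.split(/\r?\n/).some((l) => l.trim() === `node_modules/${name}`);
}

console.log(classifyFindings(SAMPLE_REPORT));
console.log("qs@latest at top level replaces a flagged copy:", topLevelInstallReplaces(SAMPLE_REPORT, "qs"));
```

Packages that land in `nested` can only change version when their owner (here firebase-tools) ships a release with updated dependency ranges.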