我已经使用express coserver命令安装了Express Server,然后使用.npm install'命令来安装其他节点程序包/依赖项,但是得到了以下结果:
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Low Incorrect Handling of Non-Boolean Comparisons During
Minification
Package uglify-js
Patched in >= 2.4.24
Dependency of jade
Path jade > transformers > uglify-js
More info https://nodesecurity.io/advisories/39
Low Regular Expression Denial of Service
Package uglify-js
Patched in >=2.6.0
Dependency of jade
Path jade > transformers > uglify-js
More info https://nodesecurity.io/advisories/48
Critical Sandbox Bypass Leading to Arbitrary Code Execution
Package constantinople
Patched in >=3.1.1
Dependency of jade
Path jade > constantinople
More info https://nodesecurity.io/advisories/568
Low Regular Expression Denial of Service
Package clean-css
Patched in >=4.1.11
Dependency of jade
Path jade > clean-css
More info https://nodesecurity.io/advisories/785
found 4 vulnerabilities (3 low, 1 critical) in 194 scanned packages
4 vulnerabilities require manual review. See the full report for details.
我的node --version是v10.15.0,而express --version是4.16.1,我使用的是Windows10。我不知道是否需要在此处放置其他信息,但请告诉我如果是这样的话。
答案 0 :(得分:2)
问题发生时
您可能使用express application generator创建了骨架网站。在未指定要使用哪个视图引擎的情况下创建应用程序时会遇到此问题。 express <appname>将以下软件包作为依赖项安装(在撰写本文时),而问题出在“ jade”软件包。 “ 玉器”是 express-generator 工具的默认视图引擎,但“玉器”已重命名为“ pug” ,而玉器现在< strong>已弃用。
"cookie-parser": "~1.4.4",
"debug": "~2.6.9",
"express": "~4.16.1",
"http-errors": "~1.6.3",
"jade": "~1.11.0",
"morgan": "~1.9.1"
如何修复
使用“ pug” (玉的重命名版本)作为视图引擎
express myapp --view=pug
如果“ pug”漏洞的严重性较低,请尝试
npm audit fix
生成没有视图引擎的应用程序
exprees myapp --no-view
有关“玉器”包装的更多信息:https://www.npmjs.com/package/jade
答案 1 :(得分:2)
原因:翡翠已重命名为哈巴狗,请安装最新版本的哈巴狗代替翡翠
修复:
答案 2 :(得分:0)
当我尝试使用npx express-generator myapp命令安装Express时,遇到了同样的错误。
要解决此错误,请执行以下步骤:
删除了我试图在其中安装express的文件夹(myapp)。
重新开始。
npm install抛出了1个低严重漏洞,后来由npm audit fix
您的Express.js应该已成功安装。