npm audit: how to update high vulnerabilities in JHipster

Time: 2020-08-25 13:01:16

Tags: jhipster npm-install

When I audit the vulnerabilities in jhipster 6.10.1, I get the following:

D:\JHipster\liquidbasetwo>npm audit

                   === npm audit security report ===


                             Manual Review
         Some vulnerabilities require your attention to resolve

      Visit https://go.npm.me/audit-guide for additional guidance


  Low             Prototype Pollution

  Package         lodash

  Patched in      >=4.17.19

  Dependency of   generator-jhipster [dev]

  Path            generator-jhipster > jhipster-core > lodash

  More info       https://npmjs.com/advisories/1523


  Low             Prototype Pollution

  Package         lodash AND OTHER LIKE THIS ONE


  High            Remote Code Execution

  Package         serialize-javascript

  Patched in      >=3.1.0

  Dependency of   workbox-webpack-plugin [dev]

  Path            workbox-webpack-plugin > workbox-build >
              rollup-plugin-terser > serialize-javascript

  More info       https://npmjs.com/advisories/1548

found 5 vulnerabilities (4 low, 1 high) in 2556 scanned packages
  5 vulnerabilities require manual review. See the full report for details.

So I tried to update: npm install serialize-javascript, which gave me a lot of warnings and one high vulnerability that won't go away:

D:\JHipster\liquidbasetwo>npm install serialize-javascript
npm WARN @angular/compiler@9.1.11 requires a peer of tslib@^1.10.0 but none is installed. You must install peer dependencies yourself.
npm WARN @angular/compiler-cli@10.0.0 requires a peer of @angular/compiler@10.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @angular/localize@10.0.0 requires a peer of @angular/compiler@10.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @angular/platform-browser-dynamic@10.0.0 requires a peer of @angular/compiler@10.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @fortawesome/angular-fontawesome@0.6.1 requires a peer of @angular/core@^9.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @fortawesome/angular-fontawesome@0.6.1 requires a peer of tslib@^1.10.0 but none is installed. You must install peer dependencies yourself.
npm WARN @ng-bootstrap/ng-bootstrap@6.1.0 requires a peer of @angular/common@^9.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @ng-bootstrap/ng-bootstrap@6.1.0 requires a peer of @angular/core@^9.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @ng-bootstrap/ng-bootstrap@6.1.0 requires a peer of @angular/forms@^9.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @ng-bootstrap/ng-bootstrap@6.1.0 requires a peer of @angular/localize@^9.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @ng-bootstrap/ng-bootstrap@6.1.0 requires a peer of tslib@^1.10.0 but none is installed. You must install peer dependencies yourself.
npm WARN @ngx-translate/core@12.1.2 requires a peer of tslib@^1.10.0 but none is installed. You must install peer dependencies yourself.
npm WARN @ngx-translate/http-loader@5.0.0 requires a peer of tslib@^1.10.0 but none is installed. You must install peer dependencies yourself.
npm WARN bootstrap@4.5.0 requires a peer of jquery@1.9.1 - 3 but none is installed. You must install peer dependencies yourself.
npm WARN bootstrap@4.5.0 requires a peer of popper.js@^1.16.0 but none is installed. You must install peer dependencies yourself.
npm WARN codelyzer@5.2.2 requires a peer of @angular/core@>=2.3.1 <10.0.0 || >9.0.0-beta <10.0.0 || >9.1.0-beta <10.0.0 || >9.2.0-beta <10.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN ngx-cookie-service@3.0.4 requires a peer of @angular/common@^9.0.5 but none is installed. You must install peer dependencies yourself.
npm WARN ngx-cookie-service@3.0.4 requires a peer of @angular/core@^9.0.5 but none is installed. You must install peer dependencies yourself.
npm WARN ngx-cookie-service@3.0.4 requires a peer of tslib@^1.10.0 but none is installed. You must install peer dependencies yourself.
npm WARN ngx-webstorage@5.0.0 requires a peer of @angular/common@^9.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN ngx-webstorage@5.0.0 requires a peer of @angular/core@^9.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN ngx-webstorage@5.0.0 requires a peer of tslib@^1.10.0 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.13 (node_modules\webpack-dev-server\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.13 (node_modules\watchpack-chokidar2\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.3 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

, and then it comes up again in a circular reference. Is there a way to stop all of this and fix all the vulnerabilities at once?

Thanks
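An added illustration (not part of the question or of any answer) of why installing serialize-javascript at the root does not clear the reported path: this script walks an npm 6 package-lock.json (lockfileVersion 1), lists every installed copy of a package with the path that pulls it in, and flags the copies still below the advisory's patched version. The lock fragment, its 0.0.1 intermediate versions and the nested 2.1.2 are constructed placeholders, not values from the project.

```javascript
// Added example (not from the question): walk an npm 6 package-lock.json
// (lockfileVersion 1) and list every installed copy of a package with the
// path that pulls it in, then flag copies still below the patched version.

// Constructed lock fragment mirroring the audit path in the question; 0.0.1 and 2.1.2 are placeholders.
const LOCK = {
  lockfileVersion: 1,
  dependencies: {
    "serialize-javascript": { version: "3.1.0" }, // root copy added by the user's install
    "workbox-webpack-plugin": {
      version: "0.0.1", dev: true,
      dependencies: {
        "workbox-build": {
          version: "0.0.1", dev: true,
          dependencies: {
            "rollup-plugin-terser": {
              version: "0.0.1", dev: true,
              dependencies: {
                "serialize-javascript": { version: "2.1.2", dev: true }, // nested, still vulnerable
              },
            },
          },
        },
      },
    },
  },
};

// Depth-first walk: collect { path, version } for every copy of `name`.
function findCopies(node, name, trail = [], out = []) {
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const path = [...trail, dep];
    if (dep === name) out.push({ path: path.join(" > "), version: info.version });
    findCopies(info, name, path, out);
  }
  return out;
}

// Numeric "x.y.z" comparison: true when `installed` is below `patched`.
function olderThan(installed, patched) {
  const a = installed.split(".").map(Number), b = patched.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Copies that still fall below the advisory's "Patched in" version.
function unpatchedCopies(lock, name, patched) {
  return findCopies(lock, name).filter((c) => olderThan(c.version, patched));
}

const report = unpatchedCopies(LOCK, "serialize-javascript", "3.1.0"); // only the nested copy
```

On a real project, replace LOCK with `JSON.parse(fs.readFileSync("package-lock.json"))`; a nested copy in the output is the one `npm audit fix` or an update of the parent package has to move, not a root-level install.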

0 answers:

No answers