npm install `1 high severity vulnerability`, Node version: 12.18.3

Time: 2020-10-09 15:07:49

Tags: node.js bash npm node-modules

I installed wss into my node_modules folder and it also installed something called istanbul? Is that normal? When installing wss it also installed 47 other packages. Not sure whether this is supposed to happen or whether something went wrong. I am still trying to update the package.json file, and it gives some errors I don't really understand.

Terminal output below:

[letlziml@premium88 ~]$ source /home/letlziml/nodevenv/public_html/0/0/0/0/1/0/1/NodeTest/12/bin/activate && cd /home/letlziml/public_html/0/0/0/0/1/0/1/NodeTest
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm install -g https
ln: creating symbolic link `/home/letlziml/nodevenv/public_html/0/0/0/0/1/0/1/NodeTest/12/lib/package.json': No such file or directory
+ https@1.0.0
added 1 package from 1 contributor in 0.457s
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm install -g ws
ln: creating symbolic link `/home/letlziml/nodevenv/public_html/0/0/0/0/1/0/1/NodeTest/12/lib/package.json': No such file or directory
+ ws@7.3.1
added 1 package from 1 contributor in 0.434s
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm install -g wss
ln: creating symbolic link `/home/letlziml/nodevenv/public_html/0/0/0/0/1/0/1/NodeTest/12/lib/package.json': No such file or directory
npm WARN deprecated istanbul@0.4.5: This module is no longer maintained, try this instead:
npm WARN deprecated   npm i nyc
npm WARN deprecated Visit https://istanbul.js.org/integrations for other alternatives.
+ wss@3.3.4
added 47 packages from 148 contributors in 3.006s
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm install -g os
ln: creating symbolic link `/home/letlziml/nodevenv/public_html/0/0/0/0/1/0/1/NodeTest/12/lib/package.json': No such file or directory
+ os@0.1.1
added 1 package from 1 contributor in 0.511s
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm init
This utility will walk you through creating a package.json file.
It only covers the most common items, and tries to guess sensible defaults.

See `npm help init` for definitive documentation on these fields
and exactly what they do.

Use `npm install <pkg>` afterwards to install a package and
save it as a dependency in the package.json file.

Press ^C at any time to quit.
package name: (nodetest) ^C
Sorry, name can only contain URL-friendly characters and name can no longer contain capital letters.
package name: (nodetest) npm WARN init canceled
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm int -y

Usage: npm <command>

where <command> is one of:
    access, adduser, audit, bin, bugs, c, cache, ci, cit,
    clean-install, clean-install-test, completion, config,
    create, ddp, dedupe, deprecate, dist-tag, docs, doctor,
    edit, explore, fund, get, help, help-search, hook, i, init,
    install, install-ci-test, install-test, it, link, list, ln,
    login, logout, ls, org, outdated, owner, pack, ping, prefix,
    profile, prune, publish, rb, rebuild, repo, restart, root,
    run, run-script, s, se, search, set, shrinkwrap, star,
    stars, start, stop, t, team, test, token, tst, un,
    uninstall, unpublish, unstar, up, update, v, version, view,
    whoami

npm <command> -h  quick help on <command>
npm -l            display full usage info
npm help <term>   search for help on <term>
npm help npm      involved overview

Specify configs in the ini-formatted file:
    /home/letlziml/.npmrc
or on the command line via: npm <command> --key value
Config info can be viewed via: npm help config

npm@6.14.6 /opt/alt/alt-nodejs12/root/usr/lib/node_modules/npm

Did you mean one of these?
    init
    it
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm init -y
Wrote to /home/letlziml/public_html/0/0/0/0/1/0/1/NodeTest/package.json:

{
  "name": "NodeTest",
  "version": "1.0.0",
  "description": "",
  "main": "app.js",
  "dependencies": {},
  "devDependencies": {},
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}


[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm install -g os
+ os@0.1.1
updated 1 package in 0.377s
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm install -g fs
+ fs@0.0.1-security
added 1 package in 0.341s
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm install -g url
+ url@0.11.0
added 3 packages from 3 contributors in 0.748s
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm install -g util
+ util@0.12.3
added 27 packages from 17 contributors in 2.589s
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm install -g path
+ path@0.12.7
added 4 packages from 2 contributors in 0.772s
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm install -g http
+ http@0.0.1-security
added 1 package in 0.351s
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm install -g https
+ https@1.0.0
updated 1 package in 0.326s
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm install -g crypto
npm WARN deprecated crypto@1.0.1: This package is no longer supported. It's now a built-in Node module. If you've depended on crypto, you should switch to the one that's built-in.
+ crypto@1.0.1
added 1 package in 0.327s
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm install -g events
+ events@3.2.0
added 1 package from 1 contributor in 0.358s
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm install -g querystring
+ querystring@0.2.0
added 1 package from 1 contributor in 0.341s
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm init -y
Wrote to /home/letlziml/public_html/0/0/0/0/1/0/1/NodeTest/package.json:

{
  "name": "NodeTest",
  "version": "1.0.0",
  "main": "app.js",
  "dependencies": {},
  "devDependencies": {},
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "description": ""
}


[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm install --save wss
npm WARN deprecated istanbul@0.4.5: This module is no longer maintained, try this instead:
npm WARN deprecated   npm i nyc
npm WARN deprecated Visit https://istanbul.js.org/integrations for other alternatives.
npm WARN NodeTest@1.0.0 No description
npm WARN NodeTest@1.0.0 No repository field.

+ wss@3.3.4
added 47 packages from 148 contributors and audited 47 packages in 43.684s
found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm audit
npm ERR! code EAUDITNOLOCK
npm ERR! audit Neither npm-shrinkwrap.json nor package-lock.json found: Cannot audit a project without a lockfile
npm ERR! audit Try creating one first with: npm i --package-lock-only

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/letlziml/.npm/_logs/2020-10-09T14_58_00_189Z-debug.log
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm audit fix
npm ERR! code EAUDITNOLOCK
npm ERR! audit Neither npm-shrinkwrap.json nor package-lock.json found: Cannot audit a project without a lockfile
npm ERR! audit Try creating one first with: npm i --package-lock-only

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/letlziml/.npm/_logs/2020-10-09T14_58_24_982Z-debug.log
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm i --package-lock-only
npm WARN NodeTest@1.0.0 No description
npm WARN NodeTest@1.0.0 No repository field.

audited 47 packages in 0.911s
found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$ npm audit fix
npm ERR! code EAUDITNOLOCK
npm ERR! audit Neither npm-shrinkwrap.json nor package-lock.json found: Cannot audit a project without a lockfile
npm ERR! audit Try creating one first with: npm i --package-lock-only

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/letlziml/.npm/_logs/2020-10-09T15_00_00_845Z-debug.log
[public_html/0/0/0/0/1/0/1/NodeTest (12)] [letlziml@premium88 NodeTest]$

I tried npm audit fix as the terminal suggested, but it says it needs manual review?


1 answer:

Answer 0: (score: 0)

There are a few questions here. I'll try to cover them all.

It also installed something called istanbul? Is that normal?

Yes, istanbul is a dependency of wss.

It installed 47 other packages. Not sure whether this is supposed to happen or whether something went wrong.

That sounds right. wss has 2 direct dependencies (ws and istanbul). ws has no dependencies, but istanbul has 14. If you keep following the dependency chain down, it should add up to 47 dependencies at most.

I tried npm audit fix as the terminal suggested, but it says it needs manual review?

There is a security issue in the ws dependency for versions 2.0.0 through 3.3.0 (see the audit snippet below). Unfortunately the ws dependency of wss is pinned at version ^2.3.1 (see https://github.com/ivoputzer/wss/blob/master/package.json#L34), so no patched version is compatible. This is an issue that needs to be resolved in the ws library.
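The reasoning in the answer above, as an added example that is not part of the original post or of the wss project: walk a package-lock.json style tree, find who requires the vulnerable package, and check whether the range the parent declares admits the patched version, which is exactly what decides whether `npm audit fix` can bump it without a breaking change. The tree is constructed, and the "fixed in" version 3.3.1 (the first version after the affected range 2.0.0 to 3.3.0 stated in the answer) and the istanbul range are assumptions.

```javascript
// Added example (not from the original post). Minimal caret-range semantics plus
// a walk over a lockfileVersion 1 style "dependencies" tree. The fixed version
// 3.3.1 and the istanbul range are assumptions for illustration.
const parseVer = s => s.split('.').map(Number);
const cmpVer = (a, b) => a.map((x, i) => x - b[i]).find(d => d !== 0) || 0;

// Caret semantics: "^2.3.1" admits >=2.3.1 <3.0.0; "^0.4.5" admits >=0.4.5 <0.5.0.
// A range without a caret is treated as an exact pin.
function caretSatisfies(range, version) {
  const v = parseVer(version);
  if (!range.startsWith('^')) return cmpVer(parseVer(range), v) === 0;
  const lo = parseVer(range.slice(1));
  if (cmpVer(v, lo) < 0) return false;
  const lock = Math.max(0, lo.findIndex(x => x !== 0)); // left-most non-zero part is frozen
  return v.slice(0, lock + 1).every((x, i) => x === lo[i]);
}

// Collect every edge "parent requires target" anywhere in the tree.
function findRequirers(node, target, path = [], out = []) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const range = (dep.requires || {})[target];
    if (range) out.push({ via: [...path, name].join(' > '), range });
    findRequirers(dep, target, [...path, name], out);
  }
  return out;
}

// For each requirer, report whether the patched version fits the declared
// range (auto-fixable) or would need a major bump in the parent (manual review).
function auditFixability(lock, target, fixedIn) {
  return findRequirers(lock, target).map(r => ({ ...r, autoFixable: caretSatisfies(r.range, fixedIn) }));
}

// Constructed tree in the shape of package-lock.json's "dependencies" object.
const constructedLock = {
  dependencies: {
    wss: {
      version: '3.3.4',
      requires: { ws: '^2.3.1', istanbul: '^0.4.5' },
      dependencies: { ws: { version: '2.3.1' } },
    },
    istanbul: { version: '0.4.5' },
  },
};

console.log(auditFixability(constructedLock, 'ws', '3.3.1'));
// [{ via: 'wss', range: '^2.3.1', autoFixable: false }]
```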
