我了解npm已将完整性校验和从sha1更改为sha512,但是我感到困惑的是,为什么包锁json文件中的少数依赖项仍然显示sha1完整性校验和。
在package-lock文件中添加以下几行,其中混合了sha1和sha512。根据我的理解,所有sha1应该已经被sha512取代。
"assign-symbols": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/assign-symbols/-/assign-symbols-1.0.0.tgz",
"integrity": "sha1-WWZ/QfrdTyDMvCu5a41Pf3jsA2c=",
"dev": true
},
"async": {
"version": "2.6.1",
"resolved": "https://registry.npmjs.org/async/-/async-2.6.1.tgz",
"integrity": "sha512-fNEiL2+AZt6AlAw/29Cr0UDe4sRAHCpEHh54WMz+Bb7QfNcFw4h3loofyJpLeQs4Yx7yuqu/2dLgM5hKOs6HlQ==",
"dev": true,
"requires": {
"lodash": "4.17.11"
}
},
"async-each": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/async-each/-/async-each-1.0.1.tgz",
"integrity": "sha1-GdOGodntxufByF04iu28xW0zYC0=",
"dev": true
},
"atob": {
"version": "2.1.2",
"resolved": "https://registry.npmjs.org/atob/-/atob-2.1.2.tgz",
"integrity": "sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg==",
"dev": true
},
"atob-lite": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/atob-lite/-/atob-lite-1.0.0.tgz",
"integrity": "sha1-uI3KYAaSK5YglPdVaCa6sxxKKWs="
},
"autoprefixer": {
"version": "6.7.7",
"resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-6.7.7.tgz",
"integrity": "sha1-Hb0cg1ZY41zj+ZhAmdsAWFx4IBQ=",
"dev": true,
"requires": {
"browserslist": "1.7.7",
"caniuse-db": "1.0.30000888",
"normalize-range": "0.1.2",
"num2fraction": "1.2.2",
"postcss": "5.2.18",
"postcss-value-parser": "3.3.0"
}
}
任何有助于我理解的参考资料都将有所帮助。