package-lock.json文件中列出的依赖项具有混合(sha1 / sha512)完整性校验和。

时间:2018-10-01 16:57:41

标签: npm npm-install

我了解npm已将完整性校验和从sha1更改为sha512,但是我感到困惑的是,为什么包锁json文件中的少数依赖项仍然显示sha1完整性校验和。

在package-lock文件中添加以下几行,其中混合了sha1和sha512。根据我的理解,所有sha1应该已经被sha512取代。

 "assign-symbols": {
  "version": "1.0.0",
  "resolved": "https://registry.npmjs.org/assign-symbols/-/assign-symbols-1.0.0.tgz",
  "integrity": "sha1-WWZ/QfrdTyDMvCu5a41Pf3jsA2c=",
  "dev": true
},
"async": {
  "version": "2.6.1",
  "resolved": "https://registry.npmjs.org/async/-/async-2.6.1.tgz",
  "integrity": "sha512-fNEiL2+AZt6AlAw/29Cr0UDe4sRAHCpEHh54WMz+Bb7QfNcFw4h3loofyJpLeQs4Yx7yuqu/2dLgM5hKOs6HlQ==",
  "dev": true,
  "requires": {
    "lodash": "4.17.11"
  }
},
"async-each": {
  "version": "1.0.1",
  "resolved": "https://registry.npmjs.org/async-each/-/async-each-1.0.1.tgz",
  "integrity": "sha1-GdOGodntxufByF04iu28xW0zYC0=",
  "dev": true
},
"atob": {
  "version": "2.1.2",
  "resolved": "https://registry.npmjs.org/atob/-/atob-2.1.2.tgz",
  "integrity": "sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg==",
  "dev": true
},
"atob-lite": {
  "version": "1.0.0",
  "resolved": "https://registry.npmjs.org/atob-lite/-/atob-lite-1.0.0.tgz",
  "integrity": "sha1-uI3KYAaSK5YglPdVaCa6sxxKKWs="
},
"autoprefixer": {
  "version": "6.7.7",
  "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-6.7.7.tgz",
  "integrity": "sha1-Hb0cg1ZY41zj+ZhAmdsAWFx4IBQ=",
  "dev": true,
  "requires": {
    "browserslist": "1.7.7",
    "caniuse-db": "1.0.30000888",
    "normalize-range": "0.1.2",
    "num2fraction": "1.2.2",
    "postcss": "5.2.18",
    "postcss-value-parser": "3.3.0"
  }
}

任何有助于我理解的参考资料都将有所帮助。

0 个答案:

没有答案