Some time ago, I ran into an npm vulnerability called "Missing Origin Validation".
The message was as follows:
High Missing Origin Validation
Package webpack-dev-server
Dependency of react-scripts
Path react-scripts > webpack-dev-server
More info https://nodesecurity.io/advisories/725
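I followed the instructions from npm and fixed it by running npm install react-scripts@2.1.1. That was fine.
Recently, on another branch of mine (let's call it branch test), I installed webpack for some purpose. Even though webpack was technically installed only on my test branch, when I switched to my master branch, this still happened: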
The react-scripts package provided by Create React App requires a dependency:
"webpack": "4.19.1"
Don't try to install it manually: your package manager does it automatically.
However, a different version of webpack was detected higher up in the tree:
C:\Users\pzheng\my-app\node_modules\webpack (version: 4.25.1)
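I don't see webpack installed in the package.json on my master branch. Still, I followed npm's instructions: I deleted package-lock.json and node_modules and then ran npm install.
That fixed it, but then the Missing Origin Validation vulnerability appeared again. I am now in a cycle. In the future the test branch will be merged. Then I will need to pick one version. However, either version leads to an error.
Thanks for your help.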