webpack-dev-server@3.1.14使用npm审核时获取​​缺少的来源验证

时间:2019-01-02 10:18:37

标签: security webpack-dev-server npm-audit

我已将webpack-dev-server更新到最新的3.1.14,但是在使用npm audit --fix时仍然遇到漏洞问题。我已经尝试了一切。清理缓存。清除所有模块,然后再次安装,但全部相同。

以下是我运行npm audit

时的错误 
$ npm audit

                   === npm audit security report ===                        


                             Manual Review                                  
         Some vulnerabilities require your attention to resolve             

      Visit https://go.npm.me/audit-guide for additional guidance           




  High            Missing Origin Validation                                     

  Package         webpack-dev-server                                            

  Patched in      >=3.1.11                                                      

  Dependency of   webpack-dev-server [dev]                                      

  Path            webpack-dev-server                                            

  More info       https://nodesecurity.io/advisories/725                        

found 1 high severity vulnerability in 60688 scanned packages
  1 vulnerability requires manual review. See the full report for details.

1 个答案:

答案 0 :(得分:1)

似乎归因于npm漏洞数据库中的错字。希望很快修复: https://npm.community/t/npm-audit-sweems-to-get-semver-wrong/4352

相关问题
最新问题