Question

我刚刚通过“ ng new”安装了最新版本的Angular，并获得了严重漏洞。按照npm的建议运行审核后，我得到了：

print with vulnerability issue

我安装了最新的webpack（4.28.3）和webpack-dev-server（3.1.14）版本。

我当前对packages.json的devDependicies是：

"devDependencies": {
  "@angular-devkit/build-angular": "^0.11.4",
  "@angular/cli": "~7.1.4",
  "@angular/compiler-cli": "~7.1.0",
  "@angular/language-service": "~7.1.0",
  "@types/jasmine": "~2.8.8",
  "@types/jasminewd2": "~2.0.3",
  "@types/node": "~8.9.4",
  "codelyzer": "~4.5.0",
  "jasmine-core": "~2.99.1",
  "jasmine-spec-reporter": "~4.2.1",
  "karma": "~3.1.1",
  "karma-chrome-launcher": "~2.2.0",
  "karma-coverage-istanbul-reporter": "~2.0.1",
  "karma-jasmine": "~1.1.2",
  "karma-jasmine-html-reporter": "^0.2.2",
  "protractor": "~5.4.0",
  "ts-node": "~7.0.0",
  "tslint": "~5.11.0",
  "typescript": "~3.1.6",
  "webpack": "^4.28.3",
  "webpack-cli": "^3.2.0" }

根据问题webpack-dev-server@3.1.14 getting Missing Origin Validation while using npm audit的正确答案所建议，我尝试在此链接https://npm.community/t/npm-audit-sweems-to-get-semver-wrong/4352/12上运行命令，这些命令是：

npm install --save-dev webpack-dev-server@latest

它仅向devDependecies添加了以下行：

"webpack-dev-server": "^3.1.14"

但是严重性仍然显示。

我还缺少什么吗？

从NPM更新： “如果您仍然遇到问题，请参阅https://npm.community/t/npm-audit-sweems-to-get-semver-wrong，因为某些软件包尚未更新webpack-dev-server，因此，如果不立即删除这些软件包，就无法解决此问题。”

Answer 1

更新到最新的Angular版本可以解决此问题（版本7.2.1）。

Angular版本7.1.4上的NPM严重漏洞

1 个答案: