Found 11 low severity vulnerabilities - React Native Project

Time: 2019-03-24 13:52:11

Tags: react-native npm npm-install

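Whenever I create a new React Native project using react-native init <projname> and then try to install any NPM package my project needs, I always run into this error -

found 11 low severity vulnerabilities

How should I resolve this error?

I have already tried npm audit fix. But it says the errors should be resolved manually.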

$ npm install react-native-elements --save
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\sane.cmd as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\sane
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\sane as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\sane
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\jest.cmd as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\jest-cli
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\jest as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\jest-cli
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\esvalidate.cmd as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\esprima
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\esparse.cmd as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\esprima
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\esvalidate as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\esprima
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\esparse as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\esprima

> react-native-elements@1.1.0 postinstall C:\Users\jjeff\Documents\React Native\testOne\node_modules\react-native-elements
> opencollective-postinstall

Thank you for using react-native-elements!
If you rely on this package, please consider supporting our open collective:
> https://opencollective.com/react-native-elements/donate

npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN react-native-elements@1.1.0 requires a peer of react-native-vector-icons@>6.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.7 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.7: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

+ react-native-elements@1.1.0
added 54 packages from 33 contributors, removed 34 packages, updated 918 packages and audited 515931 packages in 112.858s
found 11 low severity vulnerabilities
  run `npm audit fix` to fix them, or `npm audit` for details

3 answers:

Answer 0: (score: 0)

You can try the latest versions of the packages used in your project.
You can try the following commands.

npm install pkg-name


npm install pkg-name@^version

pkg-name is the package name and version is the package version

After installing the latest version, you can try

npm audit fix

Hope it works.

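Answer 1: (score: 0)

You can run npm audit to check the details of these vulnerabilities; usually they belong to the dependencies/packages you installed for your project. This means there is nothing you can do unless there is a newer update that has not yet been applied to the specific package.

In your case these are low severity vulnerabilities, so I wouldn't worry too much about them. If you want, just use npm audit and see whether there is a vulnerability that particularly worries you; if so, report it to the package developers, consider an alternative, or fork the project and fix the vulnerability yourself, which is the last resort. But again, I wouldn't worry about it, since they are only low severity vulnerabilities.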
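
Added example (not part of the original answers): a small Node.js triage of an `npm audit --json` report that separates what `npm audit fix` can handle from the findings that need manual review, and flags which of those are reached only through devDependencies. It assumes the npm 6 report layout (`actions`, `advisories`); npm 7 and later use a different layout. The sample report, package names and advisory ids are constructed.

```javascript
const SEVERITY = ['info', 'low', 'moderate', 'high', 'critical'];

// Constructed sample report: package names and advisory ids are made up.
const sampleReport = {
  actions: [
    { action: 'update', module: 'example-parser', target: '2.0.1',
      resolves: [{ id: 1001, path: 'react-native>example-bundler>example-parser', dev: false }] },
    { action: 'review', module: 'example-glob',
      resolves: [
        { id: 1002, path: 'react-native>example-bundler>example-glob', dev: false },
        { id: 1002, path: 'jest>example-glob', dev: true },
      ] },
  ],
  advisories: {
    1001: { module_name: 'example-parser', severity: 'low' },
    1002: { module_name: 'example-glob', severity: 'low' },
  },
};

// One row per vulnerable dependency path at or above minSeverity.
function triage(report, minSeverity = 'low') {
  const floor = SEVERITY.indexOf(minSeverity);
  const advisories = report.advisories || {};
  const rows = [];
  for (const action of report.actions || []) {
    for (const hit of action.resolves || []) {
      const adv = advisories[hit.id];
      if (!adv || SEVERITY.indexOf(adv.severity) < floor) continue;
      rows.push({
        path: hit.path,                      // chain from your direct dependency
        severity: adv.severity,
        devOnly: Boolean(hit.dev),           // reached only via devDependencies
        manual: action.action === 'review',  // flagged for manual review
      });
    }
  }
  return rows;
}

// Split findings into what `npm audit fix` handles and what needs a decision.
function summarize(rows) {
  const manual = rows.filter((r) => r.manual);
  return {
    autoFixable: rows.length - manual.length,
    manualRuntime: manual.filter((r) => !r.devOnly).map((r) => r.path),
    manualDevOnly: manual.filter((r) => r.devOnly).length,
  };
}
console.log(summarize(triage(sampleReport)));
```

For a real project, parse the output of `npm audit --json` and pass the resulting object to triage(); the paths in manualRuntime show which direct dependency would have to be upgraded or replaced.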

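Answer 2: (score: 0)

So, the problem resolved itself. The main issue was that the project would not run because of the vulnerabilities. But about a month later I started using Yarn to install dependencies, so I no longer see these vulnerabilities. The problem is gone now.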