如何修复在gulp-sass中发现的漏洞(tar导致此问题)

时间:2019-04-19 16:43:12

标签: npm sass gulp

我得到他以下错误警告我修复tar漏洞:

[!] 1 vulnerability found [7018 packages audited]
    Severity: 1 high    Run `npm audit` for more detail

>npm audit                                                                                
=== npm audit security report ===                        

Manual Review
Some vulnerabilities require your attention to resolve                                                                                                  Visit https://go.npm.me/audit-guide for additional guidance                 
  high            Arbitrary File Overwrite          

  Package         tar                                                           
  Dependency of   gulp-sass [dev]                                               
  Path            gulp-sass > node-sass > node-gyp > tar                        

  More info       https://nodesecurity.io/advisories/803                        

[!] 1 vulnerability found - Packages audited: 7018 (627 dev, 97 optional)
    Severity: 1 high

我想知道如何在另一个软件包中解决此问题。

1 个答案:

答案 0 :(得分:0)

从package-lock.json的node-gyp的必需部分中删除tar,并将依赖项部分中的版本替换为^4.4.2或更高版本

相关问题
最新问题