When I run the npm audit command:

```
=== npm audit security report ===

Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance

High          │ Arbitrary File Overwrite
Package       │ tar
Patched in    │ >=4.4.2
Dependency of │ @angular-devkit/build-angular [dev]
Path          │ @angular-devkit/build-angular > node-sass > node-gyp > tar
More info     │ https://nodesecurity.io/advisories/803
```
It says:

```
found 1 high severity vulnerability in 42611 scanned packages
  1 vulnerability requires manual review
```

Since it is related to @angular-devkit/build-angular, I am worried about whether it will cause any other problems in my project.

When I run the npm audit fix command:

```
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.9 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.9: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
```

So, how can this be resolved on any system running Linux? Let's consider ignoring the npm audit fix result above, since it is a warning. But the npm audit result is considered a high severity vulnerability. How do I resolve this?

Angular CLI version:
```
Angular CLI: 7.3.8
Node: 10.0.0
OS: linux x64
Angular: 7.2.14
... animations, common, compiler, compiler-cli, core, forms
... language-service, platform-browser, platform-browser-dynamic
... router

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.13.8
@angular-devkit/build-angular     0.13.8
@angular-devkit/build-optimizer   0.13.8
@angular-devkit/build-webpack     0.13.8
@angular-devkit/core              7.3.8
@angular-devkit/schematics        7.3.8
@angular/cli                      7.3.8
@ngtools/webpack                  7.3.8
@schematics/angular               7.3.8
@schematics/update                0.13.8
rxjs                              6.3.3
typescript                        3.2.4
webpack                           4.29.0
```
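Help me resolve this issue. Thanks.

Answer 0: (score: 1)

I wanted this. Here is what I did to fix the audit.

The problem is tar, which is a dependency of node-gyp.

The solution is here: https://github.com/sass/node-sass/issues/2625. Do what "mohsenari" suggests. It worked for me.

As for the unsupported optional fsevents, that is another story, but it is just a warning, no big deal.

It happens because fsevents is an optional dependency, used only when the project is run in a macOS environment (the package provides 'Native access to Mac OS-X FSEvents').

Source: npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.0.14

Answer 1: (score: 1)

This vulnerability has been fixed.

Delete node_modules and package-lock.json, then run the following commands: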
```
npm install
npm audit
npm audit fix
npm audit
```
`Found 0 vulnerabilities` will appear, and the problem is resolved.
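
To check the result of the steps in the answers above, the following added example (not code from the original posts) walks a package-lock.json and lists every resolved copy of tar, flagging those below the 4.4.2 "Patched in" version from the audit report. The function names, the file name in the usage comment and the sample lockfile are assumptions constructed for illustration.

```javascript
// Added example: list each resolved `tar` in a lockfile and flag unpatched ones.
const PATCHED = '4.4.2'; // from the report on this page: tar patched in >=4.4.2

// Compare plain x.y.z versions (pre-release suffix ignored); negative if a < b.
function cmp(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// lockfileVersion 1 (npm 6): nested "dependencies" mirror node_modules nesting.
function walkV1(deps, trail, out) {
  for (const [name, info] of Object.entries(deps || {})) {
    const here = trail.concat(name);
    if (name === 'tar') out.push({ path: here.join(' > '), version: info.version });
    walkV1(info.dependencies, here, out);
  }
}

function findTar(lock) {
  const out = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat "packages" map keyed by install path.
    for (const [key, info] of Object.entries(lock.packages)) {
      const hit = /(^|\/)node_modules\/tar$/.test(key) && info.version;
      if (hit) out.push({ path: key, version: info.version });
    }
  } else {
    walkV1(lock.dependencies, [], out);
  }
  return out.map((e) => ({ ...e, vulnerable: cmp(e.version, PATCHED) < 0 }));
}

// Constructed sample lockfile (versions are illustrative, not from the page).
const SAMPLE_LOCK = { lockfileVersion: 1, dependencies: {
  'node-sass': { version: '0.0.0', dependencies: {
    'node-gyp': { version: '0.0.0', dependencies: { tar: { version: '2.2.1' } } } } },
  tar: { version: '4.4.8' },
} };

// Usage: node check-tar.js path/to/package-lock.json (falls back to the sample).
const lock = process.argv[2]
  ? JSON.parse(require('fs').readFileSync(process.argv[2], 'utf8'))
  : SAMPLE_LOCK;
console.table(findTar(lock));
```

In a lockfileVersion 1 file the reported path is the install location under node_modules, which can differ from the logical dependency path that npm audit prints.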