"npm audit fix" fixed 0 vulnerabilities (x vulnerabilities require manual review and could not be updated)

Date: 2019-05-29 21:06:46

Tags: node.js npm npm-install audit

I am trying to install Highway:

npm install --save @dogstudio/highway

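After installing, I get the following message: [image]

I can't use the library, most likely because of the vulnerabilities shown after installation. I tried running npm audit fix, but it "fixed 0 of 28 vulnerabilities".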

What should I do? I would really like to be able to use the Highway package.


Output of npm audit

                       === npm audit security report ===

                               Manual Review
             Some vulnerabilities require your attention to resolve
          Visit https://go.npm.me/audit-guide for additional guidance

  High            Arbitrary File Overwrite
  Package         fstream
  Patched in      >=1.0.12
  Dependency of   npm
  Path            npm > libcipm > npm-lifecycle > node-gyp > fstream
  More info       https://npmjs.com/advisories/886

  High            Arbitrary File Overwrite
  Package         fstream
  Patched in      >=1.0.12
  Dependency of   npm
  Path            npm > libcipm > npm-lifecycle > node-gyp > tar > fstream
  More info       https://npmjs.com/advisories/886

  High            Arbitrary File Overwrite
  Package         fstream
  Patched in      >=1.0.12
  Dependency of   npm
  Path            npm > libnpm > npm-lifecycle > node-gyp > fstream
  More info       https://npmjs.com/advisories/886

  High            Arbitrary File Overwrite
  Package         fstream
  Patched in      >=1.0.12
  Dependency of   npm
  Path            npm > libnpm > npm-lifecycle > node-gyp > tar > fstream
  More info       https://npmjs.com/advisories/886

  High            Arbitrary File Overwrite
  Package         fstream
  Patched in      >=1.0.12
  Dependency of   npm
  Path            npm > node-gyp > fstream
  More info       https://npmjs.com/advisories/886

  High            Arbitrary File Overwrite
  Package         fstream
  Patched in      >=1.0.12
  Dependency of   npm
  Path            npm > node-gyp > tar > fstream
  More info       https://npmjs.com/advisories/886

  High            Arbitrary File Overwrite
  Package         fstream
  Patched in      >=1.0.12
  Dependency of   npm
  Path            npm > npm-lifecycle > node-gyp > fstream
  More info       https://npmjs.com/advisories/886

  High            Arbitrary File Overwrite
  Package         fstream
  Patched in      >=1.0.12
  Dependency of   npm
  Path            npm > npm-lifecycle > node-gyp > tar > fstream
  More info       https://npmjs.com/advisories/886

  High            Arbitrary File Overwrite
  Package         tar
  Patched in      >=2.2.2 <3.0.0 || >=4.4.2
  Dependency of   npm
  Path            npm > libcipm > npm-lifecycle > node-gyp > tar
  More info       https://npmjs.com/advisories/803

  High            Arbitrary File Overwrite
  Package         tar
  Patched in      >=2.2.2 <3.0.0 || >=4.4.2
  Dependency of   npm
  Path            npm > libnpm > npm-lifecycle > node-gyp > tar
  More info       https://npmjs.com/advisories/803

  High            Arbitrary File Overwrite
  Package         tar
  Patched in      >=2.2.2 <3.0.0 || >=4.4.2
  Dependency of   npm
  Path            npm > node-gyp > tar
  More info       https://npmjs.com/advisories/803

  High            Arbitrary File Overwrite
  Package         tar
  Patched in      >=2.2.2 <3.0.0 || >=4.4.2
  Dependency of   npm
  Path            npm > npm-lifecycle > node-gyp > tar
  More info       https://npmjs.com/advisories/803

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > assemble-core > assemble-fs > vinyl-fs >
                  glob-stream > micromatch > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > assemble-core > assemble-streams > match-file >
                  micromatch > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > assemble-core > base-task > composer > micromatch >
                  braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > assemble-core > templates > get-view > match-file >
                  micromatch > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > assemble-core > templates > layouts > get-view >
                  match-file > micromatch > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > assemble-core > templates > match-file > micromatch
                  > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > base-cli-process > base-config-process > micromatch
                  > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > base-config-process > micromatch > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > base-generators > base-task > composer > micromatch
                  > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > base-questions > question-store > common-config >
                  composer > micromatch > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > base-runtimes > micromatch > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > common-config > composer > micromatch > braces
  More info       https://npmjs.com/advisories/786

  Moderate        Prototype Pollution
  Package         defaults-deep
  Patched in      No patch available
  Dependency of   update
  Path            update > base-cli-process > base-config-process >
                  base-config-schema > base-pkg > expand-pkg > defaults-deep
  More info       https://npmjs.com/advisories/778

  Moderate        Prototype Pollution
  Package         defaults-deep
  Patched in      No patch available
  Dependency of   update
  Path            update > base-cli-process > base-pkg > expand-pkg >
                  defaults-deep
  More info       https://npmjs.com/advisories/778

  Moderate        Prototype Pollution
  Package         defaults-deep
  Patched in      No patch available
  Dependency of   update
  Path            update > base-config-process > base-config-schema > base-pkg
                  > expand-pkg > defaults-deep
  More info       https://npmjs.com/advisories/778

  Moderate        Prototype Pollution
  Package         defaults-deep
  Patched in      No patch available
  Dependency of   update
  Path            update > base-generators > base-pkg > expand-pkg >
                  defaults-deep
  More info       https://npmjs.com/advisories/778
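
A triage aid for a report like the one in the question, added here as an example and not part of the original post: a small Node.js parser for npm's text report that joins Path values wrapped onto a continuation line and groups findings by the "Dependency of" field, so it is clear which top-level packages (here only npm and update) bring in the flagged modules and which findings have no patched release. The function names are hypothetical, and SAMPLE is constructed from three of the report's entries.

```javascript
// Added example. SAMPLE is a constructed excerpt: three entries taken from the report above.
const SAMPLE = `
  High            Arbitrary File Overwrite
  Package         tar
  Patched in      >=2.2.2 <3.0.0 || >=4.4.2
  Dependency of   npm
  Path            npm > node-gyp > tar
  More info       https://npmjs.com/advisories/803
  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > assemble-core > assemble-fs > vinyl-fs >
                  glob-stream > micromatch > braces
  More info       https://npmjs.com/advisories/786
  Moderate        Prototype Pollution
  Package         defaults-deep
  Patched in      No patch available
  Dependency of   update
  Path            update > base-cli-process > base-pkg > expand-pkg >
                  defaults-deep
  More info       https://npmjs.com/advisories/778
`;

function parseAuditReport(text) {
  const findings = [];
  let last = null; // last field set, so wrapped Path lines can be re-joined
  for (const line of text.split('\n').map((l) => l.trim()).filter(Boolean)) {
    const sev = /^(Critical|High|Moderate|Low)\s+(.+)$/.exec(line);
    const fld = /^(Package|Patched in|Dependency of|Path|More info)\s+(.+)$/.exec(line);
    const cur = findings[findings.length - 1];
    if (sev) { findings.push({ severity: sev[1], title: sev[2] }); last = null; }
    else if (cur && fld) { cur[fld[1]] = fld[2]; last = fld[1]; }
    else if (cur && last === 'Path') cur.Path += ' ' + line;
  }
  return findings;
}

function summariseByRoot(findings) {
  const roots = {};
  for (const f of findings) {
    const key = f['Dependency of']; // the top-level package that pulls the module in
    roots[key] = roots[key] || { count: 0, unpatched: new Set() };
    roots[key].count += 1;
    if (/^no patch/i.test(f['Patched in'])) roots[key].unpatched.add(f.Package);
  }
  return roots;
}
console.log(summariseByRoot(parseAuditReport(SAMPLE)));
```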

0 answers:

No answers