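My project has 6 severe vulnerabilities and I don't know how to resolve them. npm audit fix fails. Please help me solve this problem.
I am installing https://www.npmjs.com/package/toastr into my project, and after the installation it shows vulnerabilities. I don't know what the connection is.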
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of @angular/cli [dev]
Path @angular/cli > @schematics/update > pacote >
make-fetch-happen > https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of @angular/cli [dev]
Path @angular/cli > pacote > make-fetch-happen >
https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of @angular/cli [dev]
Path @angular/cli > @schematics/update > pacote >
npm-registry-fetch > make-fetch-happen > https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of @angular/cli [dev]
Path @angular/cli > pacote > npm-registry-fetch >
make-fetch-happen > https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of protractor [dev]
Path protractor > browserstack > https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of protractor [dev]
Path protractor > saucelabs > https-proxy-agent
More info https://npmjs.com/advisories/1184
Answer 0 (score: 10)
1) npm i --save-dev npm-force-resolutions
2) Add this to your package.json
"resolutions": { "https-proxy-agent": "^3.0.0" }
3) Let npm-force-resolutions do its thing
rm -r node_modules
npx npm-force-resolutions
npm install
4) Re-run your audit: npm audit
Source: https://github.com/TooTallNate/node-https-proxy-agent/issues/84#issuecomment-543884972
Answer 1 (score: 2)
Fixed the issue for both builds and regular installs:
package.json
{
...
"scripts": {
"resolve-install": "npx npm-force-resolutions && npm install"
},
"resolutions": {
"https-proxy-agent": "^3.0.0"
}
}
Then, in the Dockerfile or cmd, instead of npm install, use:
npm run resolve-install
Answer 2 (score: 0)
Take a look at this thread: How do I override nested NPM dependency versions?
Just replace the respective package with the one listed in the audit.
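
To confirm that an override like the ones in the answers above actually took effect, you can list every copy of https-proxy-agent recorded in package-lock.json and compare it with the "Patched in >=3.0.0" line from the audit. This is an added example, not code from any of the answers; it assumes the nested `dependencies` layout of a lockfileVersion 1 lockfile, the names `findCopies`, `isBelow` and `parseVersion` are hypothetical, and `sampleLock` is constructed sample data.

```javascript
// Added example: list every installed copy of a package recorded in a
// package-lock.json and flag copies below a minimum patched version.

// Parse "major.minor.patch" into numbers (pre-release/build tags ignored).
// Throws on non-semver entries such as git URLs so they get reviewed by hand.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when version a is strictly lower than version b.
function isBelow(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// Walk the nested "dependencies" tree (assumed lockfileVersion 1 layout).
// "path" is the location in the lockfile, i.e. the node_modules nesting.
function findCopies(lock, name, minVersion) {
  const hits = [];
  (function walk(deps, trail) {
    for (const [dep, info] of Object.entries(deps || {})) {
      const path = [...trail, dep];
      if (dep === name) {
        hits.push({ path: path.join(' > '), version: info.version,
                    vulnerable: isBelow(info.version, minVersion) });
      }
      walk(info.dependencies, path);
    }
  })(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (not taken from the question's project).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'make-fetch-happen': { version: '5.0.0', dependencies: {
      'https-proxy-agent': { version: '2.2.2' } } },
    browserstack: { version: '1.5.2', dependencies: {
      'https-proxy-agent': { version: '3.0.1' } } },
  },
};

for (const hit of findCopies(sampleLock, 'https-proxy-agent', '3.0.0')) {
  console.log(`${hit.vulnerable ? 'VULNERABLE' : 'ok'}  ${hit.version}  ${hit.path}`);
}
```

To check a real project, replace `sampleLock` with the parsed contents of its package-lock.json; any line still marked VULNERABLE means the resolution was not applied to that copy.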