When I run the npm audit command, I get:
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
High │ Arbitrary File Overwrite
Package │ tar
Patched in │ >=4.4.2
Dependency of │ @angular-devkit/build-angular [dev]
Path │ @angular-devkit/build-angular > node-sass > node-gyp >tar
More info │ https://nodesecurity.io/advisories/803
It says found 1 high severity vulnerability in 42611 scanned packages, 1 vulnerability requires manual review. Since it is related to @angular-devkit/build-angular, I am worried about whether it will cause any other problems in my project.
When I run the npm audit fix command, I get:
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.9 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.9: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
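So how can I fix this on any system running a Linux OS? Let's consider ignoring the npm audit fix result above, since it is only a warning. But the npm audit result is considered a high severity vulnerability. How can I resolve this?
Angular CLI version: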
Angular CLI: 7.3.8
Node: 10.0.0
OS: linux x64
Angular: 7.2.14
... animations, common, compiler, compiler-cli, core, forms
... language-service, platform-browser, platform-browser-dynamic
... router
Package Version
-----------------------------------------------------------
@angular-devkit/architect 0.13.8
@angular-devkit/build-angular 0.13.8
@angular-devkit/build-optimizer 0.13.8
@angular-devkit/build-webpack 0.13.8
@angular-devkit/core 7.3.8
@angular-devkit/schematics 7.3.8
@angular/cli 7.3.8
@ngtools/webpack 7.3.8
@schematics/angular 7.3.8
@schematics/update 0.13.8
rxjs 6.3.3
typescript 3.2.4
webpack 4.29.0
Help me solve this problem. Thanks.
Posted on 2019-05-16 03:24:20
This vulnerability has been fixed.
Delete node_modules and package-lock.json, then run the commands:
npm install
npm audit
npm audit fix
npm audit
Found 0 vulnerabilities will appear, and the problem is fixed.
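An added example, not part of the original answers: one way to check which tar copies a lockfile actually pins, compared against the "Patched in >=4.4.2" line of the audit report. It assumes the npm 6 lockfile layout (lockfileVersion 1, nested "dependencies"); the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: list every `tar` copy pinned in an npm v6-style
// package-lock.json and flag the ones below the patched version 4.4.2
// named in the audit report on this page.
const PATCHED = '4.4.2';

// Compare plain x.y.z versions; pre-release tags are ignored (assumption).
function lessThan(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// Walk the nested "dependencies" tree; `where` records the node_modules
// nesting, which shows which parent package carries its own copy.
function findPackage(lock, name, where = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(lock.dependencies || {})) {
    const here = where.concat(dep);
    if (dep === name) {
      hits.push({ location: here.join(' > '), version: info.version,
                  vulnerable: lessThan(info.version, PATCHED) });
    }
    hits.push(...findPackage(info, name, here));
  }
  return hits;
}

// Constructed sample lockfile fragment; in a project, load the real file with
// JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8')).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'node-gyp': {
      version: '3.8.0',
      requires: { tar: '^2.0.0' },
      dependencies: { tar: { version: '2.2.1' } },
    },
    tar: { version: '4.4.8' },
  },
};

for (const hit of findPackage(sampleLock, 'tar')) {
  console.log(`${hit.vulnerable ? 'VULNERABLE' : 'ok'}  tar@${hit.version}  (${hit.location})`);
}
```

A copy nested under another package (here node-gyp) stays at the old version even when a patched tar sits at the top level, which is why the audit report lists the full dependency path.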
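Posted on 2019-05-12 22:57:15
I wanted to solve this problem. This is what I did to fix the audit.
The problem is TAR, which is a dependency of node-gyp.
The solution is here: https://github.com/sass/node-sass/issues/2625. Do what 'mohsenari' suggests. This worked for me.
As for the unsupported optional fsevents, that is another matter, but it is just a warning and no big deal.
It happens because fsevents is an optional dependency, used only when the project runs in a macOS environment (the package provides native access to macOS-X fsevents).
Source: npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.0.14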
https://stackoverflow.com/questions/55969040