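My project has 6 high-severity vulnerabilities and I don't know how to fix them. npm audit fix fails. Please help me fix this.
I installed https://www.npmjs.com/package/toastr in my project, and right after it finished installing, these vulnerabilities were shown. I don't know what the connection is.
=== npm audit security report ===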
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance

High          Machine-In-The-Middle
Package       https-proxy-agent
Patched in    >=3.0.0
Dependency of @angular/cli [dev]
Path          @angular/cli > @schematics/update > pacote > make-fetch-happen > https-proxy-agent
More info     https://npmjs.com/advisories/1184

High          Machine-In-The-Middle
Package       https-proxy-agent
Patched in    >=3.0.0
Dependency of @angular/cli [dev]
Path          @angular/cli > pacote > make-fetch-happen > https-proxy-agent
More info     https://npmjs.com/advisories/1184

High          Machine-In-The-Middle
Package       https-proxy-agent
Patched in    >=3.0.0
Dependency of @angular/cli [dev]
Path          @angular/cli > @schematics/update > pacote > npm-registry-fetch > make-fetch-happen > https-proxy-agent
More info     https://npmjs.com/advisories/1184

High          Machine-In-The-Middle
Package       https-proxy-agent
Patched in    >=3.0.0
Dependency of @angular/cli [dev]
Path          @angular/cli > pacote > npm-registry-fetch > make-fetch-happen > https-proxy-agent
More info     https://npmjs.com/advisories/1184

High          Machine-In-The-Middle
Package       https-proxy-agent
Patched in    >=3.0.0
Dependency of protractor [dev]
Path          protractor > browserstack > https-proxy-agent
More info     https://npmjs.com/advisories/1184

High          Machine-In-The-Middle
Package       https-proxy-agent
Patched in    >=3.0.0
Dependency of protractor [dev]
Path          protractor > saucelabs > https-proxy-agent
More info     https://npmjs.com/advisories/1184

Posted on 2019-10-21 00:14:32
Fixed the build problem and the general installation problem:
package.json
{
  ...
  "scripts": {
    "resolve-install": "npx npm-force-resolutions && npm install"
  },
  "resolutions": {
    "https-proxy-agent": "^3.0.0"
  }
}
Instead of npm install, just run this in cmd or in the Dockerfile:
npm run resolve-install
Posted on 2019-10-22 01:59:47
Take a look at this thread: How do I override nested NPM dependency versions?
Just replace the corresponding package with the one listed in the audit.
https://stackoverflow.com/questions/58457748
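A follow-up check for the override approach in the answers above, added here as an example and not part of the original thread: after reinstalling, scan the parsed package-lock.json for any installed copy of https-proxy-agent still below the patched 3.0.0. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example (not from the original thread): list every installed copy of a
// package in a parsed package-lock.json that is older than the patched version.
const PATCHED = '3.0.0'; // "Patched in >=3.0.0" from the audit report

// True when plain x.y.z version a is lower than b (pre-release tags are ignored).
function isOlder(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// lockfileVersion 1: entries nest under "dependencies" as installed on disk.
function walkV1(deps, trail, name, patched, hits) {
  for (const [dep, info] of Object.entries(deps || {})) {
    const here = trail.concat(dep);
    if (dep === name && info.version && isOlder(info.version, patched)) {
      hits.push({ path: here.join(' > '), version: info.version });
    }
    walkV1(info.dependencies, here, name, patched, hits);
  }
}

function findUnpatched(lock, name, patched = PATCHED) {
  const hits = [];
  if (!lock.packages) { walkV1(lock.dependencies, [], name, patched, hits); return hits; }
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, info] of Object.entries(lock.packages)) {
    if (!path.endsWith('node_modules/' + name) || !info.version) continue;
    if (!isOlder(info.version, patched)) continue;
    const parts = path.split('node_modules/').filter(Boolean).map((p) => p.replace(/\/$/, ''));
    hits.push({ path: parts.join(' > '), version: info.version });
  }
  return hits;
}

// Constructed sample lockfile: the hoisted copy is patched, one nested copy is not.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'https-proxy-agent': { version: '3.0.1' },
    protractor: { version: '0.0.0-sample', dependencies: {
      'https-proxy-agent': { version: '2.2.2' } } },
  },
};

console.log(findUnpatched(sampleLock, 'https-proxy-agent'));
```

To check a real project, pass the parsed contents of its package-lock.json to findUnpatched; an empty result means no copy below the patched version remains in the lockfile.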