脚本)"/>
npm 升级和 npm 审计修复:漏洞问题(升级反应脚本)
如果我运行
npm upgrade
或 npm upgrade react-scripts
我总是收到这样的消息
added 84 packages, removed 249 packages, changed 428 packages, and audited 1245 packages in 57s
179 packages are looking for funding
run `npm fund` for details
6 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
所以我尝试
npm audit fix --force
并得到一份关于依赖关系和文本的长报告
66 vulnerabilities (15 low, 26 moderate, 24 high, 1 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
我按照这些步骤运行
npm audit fix --force
女巫导致错误:
npm ERR! code ERR_INVALID_ARG_TYPE
npm ERR! The "from" argument must be of type string. Received undefined
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\{user}\AppData\Local\npm-cache\_logs\2022-05-09T15_11_33_120Z-debug-0.log
如果我尝试运行
npm audit fix --force
而不是 npm audit fix
我会得到以下信息:
nth-check <2.0.1
Severity: moderate
Inefficient Regular Expression Complexity in nth-check -
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/@svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of @svgr/webpack
node_modules/react-scripts
6 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
不,再次运行
npm audit fix --force
无济于事。
有人可以帮助我吗?
回答如下:由于新版本 6.3.0 没有正确的 @svgo 和 @svgr,我们将无法访问这些模块。所以,我的建议是使用旧版本 5.2.0.
不要使用最新版本,而要使用旧版本
npm install [email protected]
通过在promt中运行上面的代码,我们可以访问“react-router-dom”的所有服务。
谢谢:)
更多推荐
npm 升级和 npm 审计修复:漏洞问题(升级反应脚本)
发布评论