回复:创建-反应-应用程序创建一个“充满问题的”项目。

Question

解释(请阅读完整)

我开始学习React，我对它完全是的初学者，我想在页面中制作实践辅导，编写一个“toe”应用程序。

但是，当使用创建时

npx create-react-app tic_tac_toe

获得以下输出：

Creating a new React app in /path/to/my/project/tic_tac_toe.

Installing packages. This might take a couple of minutes.
Installing react, react-dom, and react-scripts with cra-template...


added 1393 packages in 1m

Initialized a git repository.

Installing template dependencies using npm...

added 72 packages in 9s
Removing template package using npm...


removed 1 package, and audited 1465 packages in 7s

6 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

Created git commit.

Success! Created tic_tac_toe at /path/to/my/project/tic_tac_toe
Inside that directory, you can run several commands:

  npm start
    Starts the development server.

  npm run build
    Bundles the app into static files for production.

  npm test
    Starts the test runner.

  npm run eject
    Removes this tool and copies build dependencies, configuration files
    and scripts into the app directory. If you do this, you can’t go back!

We suggest that you begin by typing:

  cd tic_tac_toe
  npm start

Happy hacking!

因为它给了我这个警告：

6 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

--我按照指示运行命令，并获得以下输出：

npm WARN using --force Recommended protections disabled.
npm WARN audit Updating react-scripts to 2.1.3, which is a SemVer major change.
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated flatten@1.0.3: flatten is deprecated in favor of utility frameworks such as lodash.
npm WARN deprecated kleur@2.0.2: Please upgrade to kleur@3 or migrate to 'ansi-colors' if you prefer the old syntax. Visit <https://github.com/lukeed/kleur/releases/tag/v3.0.0\> for migration path(s).
npm WARN deprecated topo@2.0.2: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated eslint-loader@2.1.1: This loader has been deprecated. Please use eslint-webpack-plugin
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated hoek@4.2.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated left-pad@1.3.0: use String.prototype.padStart()
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated acorn-dynamic-import@3.0.0: This is probably built in to whatever tool you're using. If you still need it... idk
npm WARN deprecated html-webpack-plugin@4.0.0-alpha.2: please switch to a stable version
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated babel-eslint@9.0.0: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated sane@2.5.2: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated uglify-es@3.3.9: support for ECMAScript is superseded by `uglify-js` as of v3.13.0
npm WARN deprecated joi@11.4.0: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated core-js@2.6.4: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.

和“ Report”，其中包含大量 logs of packages，，其中所有记录都遵循此结构&E 223

#name of the module and version
#severity
#a link to a "https://github.com/advisories" and a label of a security problem
fix available via `npm audit fix --force`
Will install react-scripts@5.0.1, which is a breaking change
#path of the module with the problem
#dependencies

在报告的末尾得出了这样的结论：

72 vulnerabilities (11 low, 20 moderate, 37 high, 4 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

而且，很明显，这只是一个无限循环的"npm审计修复-强制“，在那里我找不到任何解决办法。

我试过的

由于"audit fix“不工作，在我的无知中，试图更新

sudo npm update

，但总是得到这两个错误，

1. 代码ERR_INVALID_ARG_TYPE：总是在第一次运行update命令时获得它。 国家预防机制错误！代码ERR_INVALID_ARG_TYPE npm错误！"from“参数必须是字符串类型。收到未定义的npm错误！有关此运行的完整日志可以在: npm ERR！/root/.npm/_logs/2022-11-14T00_45_19_331Z-debug-0.log中找到。
2. 代码ENOTEMPTY：使用多个dir获取它，并且可以按照指示重命名dir来“可以修复”，但是有许多需要相同的操作，所以不是解决方案。 国家预防机制错误！代码ENOTEMPTY npm错误！系统电话改名npm错误！路径/path/to/my/project/tic_tac_toe/node_modules/acorn-globals npm错误！/path/to/my/project/tic_tac_toe/node_modules/.acorn-globals-WcMVK6xv npm错误！错误-39号国家预防机制错误！ENOTEMPTY:目录不为空，重命名'/path/to/my/project/tic_tac_toe/node_modules/acorn-globals‘-> '/path/to/my/project/tic_tac_toe/node_modules/.acorn-globals-WcMVK6xv’npm！有关此运行的完整日志可以在: npm ERR！/root/.npm/_logs/2022-11-14T00_46_31_581Z-debug-0.log中找到。

任何帮助都欢迎，谢谢。

Answer 1

为了您的目的，这些“高度严重的漏洞”可以完全忽略。

即使对于绝大多数的商业项目，你也不会浪费时间去思考它们。

在运行npx创建-react app.之后，继续您的工作！

参考资料：https://overreacted.io/npm-audit-broken-by-design/