具有创建- React app React Js的漏洞

Question

每次我使用npx create-react-app <AppName>创建一个react应用程序时，我都会得到：

96 vulnerabilities found - Packages audited: 1682
Severity: 65 Moderate | 30 High | 1 Critical
Node Version: v14.18.1
Npm: 7.20.5
React: ^17.0.2

当我使用npm audit fix或npm audit fix --force时，结果如下：

68 vulnerabilities (21 moderate, 45 high, 2 critical)
47 vulnerabilities (12 low, 18 moderate, 15 high, 2 critical)
58 vulnerabilities (16 moderate, 40 high, 2 critical)
48 vulnerabilities (12 low, 18 moderate, 16 high, 2 critical)
58 vulnerabilities (16 moderate, 40 high, 2 critical)

以下是审计细节：文本文件链接，我做错了什么？

Answer 1

这是个NPM臭虫。有关更长的解释，请参见这里。您只需将react-scripts放在这样的dev依赖项中即可。

"dependencies": {
    "react": "^17.0.2",
    "react-dom": "^17.0.2",
   },
  "devDependencies": {
    "react-scripts": "4.0.3"
  },

这个问题已经在GitHub上解决了。https://github.com/facebook/create-react-app/issues/11174 --如果您真的想审计，请使用npm audit --production。