
Found 11 low severity vulnerabilities - React

Stack Overflow user
Asked 2019-03-24 13:52:11
Answers: 3 | Views: 2.9K | Followers: 0 | Votes: 1

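Whenever I create a new project with react-native init <projname> and then try to install any NPM package my project needs, I always get an error like this -

found 11 low severity vulnerabilities

How do I resolve this error?

I have already tried npm audit fix. But it says these errors should be resolved manually.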

$ npm install react-native-elements --save
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\sane.cmd as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\sane
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\sane as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\sane
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\jest.cmd as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\jest-cli
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\jest as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\jest-cli
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\esvalidate.cmd as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\esprima
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\esparse.cmd as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\esprima
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\esvalidate as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\esprima
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\esparse as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\esprima

> react-native-elements@1.1.0 postinstall C:\Users\jjeff\Documents\React Native\testOne\node_modules\react-native-elements
> opencollective-postinstall

Thank you for using react-native-elements!
If you rely on this package, please consider supporting our open collective:
> https://opencollective.com/react-native-elements/donate

npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN react-native-elements@1.1.0 requires a peer of react-native-vector-icons@>6.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.7 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.7: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

+ react-native-elements@1.1.0
added 54 packages from 33 contributors, removed 34 packages, updated 918 packages and audited 515931 packages in 112.858s
found 11 low severity vulnerabilities
  run `npm audit fix` to fix them, or `npm audit` for details

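3 Answers

Stack Overflow user

Posted 2019-03-24 19:01:00

You can run npm audit to check the details of these vulnerabilities, which usually belong to the dependencies/packages you installed for your project. This means there is nothing you can do about them unless there is a recent update that has not yet been applied to a specific package.

In your case these are low severity vulnerabilities, so I wouldn't worry too much about them. If you want, just run npm audit and see whether any of them particularly concern you; if so, raise them with the package developers, consider alternatives, or fix the vulnerabilities yourself as a last resort. But I wouldn't worry too much about it, since they are only low severity vulnerabilities.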

Votes: 1
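
As an added illustration (not part of the original answer and not npm's own code), the script below shows one way to work through the details the answer refers to: it sorts the entries of an `npm audit --json` report by severity and labels each with the action it needs. It assumes the npm 7+ report layout (`vulnerabilities`, `via`, `fixAvailable`); the sample report and its package names are constructed.

```javascript
// Added example: triage an `npm audit --json` report (npm 7+ layout).
// SAMPLE_REPORT is constructed; the package names are hypothetical.
const CLI_FIX = { name: "example-cli", version: "3.0.0", isSemVerMajor: true };
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-logger": { name: "example-logger", severity: "low", isDirect: true,
      via: [{ title: "Constructed advisory A" }], fixAvailable: true },
    "example-cli": { name: "example-cli", severity: "high", isDirect: true,
      via: ["example-minimatch"], fixAvailable: CLI_FIX },
    "example-minimatch": { name: "example-minimatch", severity: "high", isDirect: false,
      via: [{ title: "Constructed advisory B" }], fixAvailable: CLI_FIX },
    "example-yaml": { name: "example-yaml", severity: "low", isDirect: false,
      via: [{ title: "Constructed advisory C" }], fixAvailable: false },
  },
};

const SEVERITY_ORDER = ["critical", "high", "moderate", "low", "info"];

// Map the report's fixAvailable field to the action a maintainer must take.
function actionFor(vuln) {
  const fix = vuln.fixAvailable;
  if (fix === true) return "auto-fix"; // resolvable by `npm audit fix`
  if (fix && typeof fix === "object") return "upgrade-direct-dep"; // bump fix.name
  return "no-fix-yet"; // wait for upstream, replace the package, or accept the risk
}

// Flatten the report into rows sorted from most to least severe.
function triage(report) {
  return Object.values(report.vulnerabilities || {})
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      direct: Boolean(v.isDirect),
      // `via` holds advisory objects for the package at fault, package names otherwise
      hasOwnAdvisory: (v.via || []).some((x) => typeof x === "object"),
      action: actionFor(v),
    }))
    .sort((a, b) => SEVERITY_ORDER.indexOf(a.severity) - SEVERITY_ORDER.indexOf(b.severity));
}

for (const f of triage(SAMPLE_REPORT)) {
  console.log(`${f.severity.padEnd(8)} ${f.name.padEnd(18)} direct=${f.direct} action=${f.action}`);
}
```

Rows labelled `no-fix-yet` are the ones `npm audit fix` leaves for manual review; `hasOwnAdvisory` separates the package actually at fault from packages that are only flagged because they depend on it.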

Stack Overflow user

Posted 2019-03-24 18:50:09

You can try the latest versions of the packages used in your project.

You can try the following commands.

npm install pkg-name

npm install pkg-name@^version

where pkg-name is the package name and version is the package version

After installing the latest version, you can try

npm audit fix

Hope it works!

Votes: 0

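Stack Overflow user

Posted 2019-04-26 04:27:27

So, the problem resolved itself. The main problem was that the project would not run because of the vulnerabilities. But about a month later I started using Yarn to install dependencies, so I no longer saw the vulnerabilities. The problem is now solved.

Votes: 0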
Original page content provided by Stack Overflow. Translation support provided by Tencent Cloud's Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/55324500
