When I install Remix or SvelteKit using Git Bash/PowerShell and NPM, I always get a message about 7 low severity vulnerabilities. When I run npm audit as suggested, I get the following report:
cookie <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - https://github.com/advisories/GHSA-pxg6-pf52-xh8x
fix available via `npm audit fix --force`
Will install @remix-run/[email protected], which is a breaking change
node_modules/cookie
@remix-run/server-runtime *
Depends on vulnerable versions of cookie
node_modules/@remix-run/server-runtime
@remix-run/dev <=0.0.0-nightly-ff40409-20230514 || >=1.2.0-pre.0
Depends on vulnerable versions of @remix-run/node
Depends on vulnerable versions of @remix-run/react
Depends on vulnerable versions of @remix-run/serve
Depends on vulnerable versions of @remix-run/server-runtime
node_modules/@remix-run/dev
@remix-run/node *
Depends on vulnerable versions of @remix-run/server-runtime
node_modules/@remix-run/node
@remix-run/express *
Depends on vulnerable versions of @remix-run/node
node_modules/@remix-run/express
@remix-run/serve *
Depends on vulnerable versions of @remix-run/express
Depends on vulnerable versions of @remix-run/node
node_modules/@remix-run/serve
@remix-run/react <=0.0.0-nightly-fef7d16-20240205 || >=2.0.0-pre.0
Depends on vulnerable versions of @remix-run/server-runtime
node_modules/@remix-run/react
7 low severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Now, I have heard that I can override this in my package.json file; however, I first want to understand why this happens. Why do I keep installing the old and insecure cookie module? Is this my fault? Is there any other way I can fix it besides adding "overrides" to my package.json file?
I tried running the command npm audit fix --force, but it did not work. It did not change anything.
By default, npm will install the latest version of a module. However, some of your dependencies specify dependencies of their own. If your dependencies have not updated their dependencies, you will get the latest version of the module that they support.
If you have updated all of your dependencies and still get the error, it means one of your dependencies is lagging behind or may not be actively maintained.