npm 审计

npm 审计报告

json5<1.0.2 Severity: high Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h 可通过

npm audit fix --force

修复 将安装 [email protected]，这是一个重大变化 node_modules/babel-preset-expo/node_modules/json5 查找-babel-config <=1.2.0 Depends on vulnerable versions of json5 node_modules/babel-preset-expo/node_modules/find-babel-config babel-plugin-module-resolver 2.3.0 - 4.1.0 Depends on vulnerable versions of find-babel-config node_modules/babel-preset-expo/node_modules/babel-plugin-module-resolver babel-preset-expo * Depends on vulnerable versions of babel-plugin-module-resolver node_modules/babel-preset-expo expo >=14.0.0 依赖于易受攻击的 babel-preset-expo 版本 节点模块/博览会

5 个高危漏洞

要解决所有问题（包括重大更改），请运行： npm 审计修复 --force

├─┬@babel/[email protected] │ └── [email protected] 去重 ├─┬ @expo/[email protected] 无关 │ └── [email protected] 无关 ├─┬ [email protected] 无效：来自根项目的“5.0.0” │ └─┬ [email protected] │ └── [email protected] ├─┬ [email protected] 无关 │ └─┬ @expo/[email protected] │ └─┬ @expo/[email protected] │ └── [email protected] ├─┬ 博览会@47.0.13 │ ├─┬ @expo/[email protected] │ │ ├─┬ @expo/[email protected] │ │ │ └── [email protected] │ │ ├─┬ @expo/[email protected] │ │ │ └─┬ @expo/[email protected] │ │ │ └── [email protected] │ │ └─┬ @expo/[email protected] │ │ └─┬ @expo/[email protected] │ │ └── [email protected] │ ├─┬ @expo/[email protected] │ │ └─┬ @expo/[email protected] │ │ └── [email protected] │ ├─┬ [email protected] │ │ └─┬ [email protected] │ │ └─┬ [email protected] │ │ └── [email protected] │ └─┬ [email protected] │ └─┬ @expo/[email protected] │ └─┬ @expo/[email protected] │ └── [email protected] ├─┬ [email protected] │ └── [email protected] 去重 ├── [email protected] └─┬ [email protected] 无关 └── [email protected] 去重

“npm audit fix --force”或 npm install --save json5@latest 命令未按预期工作。