1

I'm running into a large number of vulnerabilities. 583 of them are associated with the package minimist.


My package.json looks like this:

{
  "name": "weather-wizard",
  "version": "0.1.0",
  "private": true,
  "proxy": "http://localhost:5000",
  "dependencies": {
    "@testing-library/jest-dom": "^4.2.4",
    "@testing-library/react": "^9.4.1",
    "@testing-library/user-event": "^7.2.1",
    "axios": "^0.19.2",
    "chart.js": "^2.9.3",
    "eslint-plugin-flowtype": "^3.13.0",
    "minimist": "^1.2.5",
    "moment": "^2.24.0",
    "node-sass": "^4.13.1",
    "react": "^16.13.0",
    "react-animated-weather": "^4.0.0",
    "react-chartjs-2": "^2.9.0",
    "react-dom": "^16.13.0",
    "react-places-autocomplete": "^7.2.1",
    "react-scripts": "3.4.0",
    "typescript": "^3.8.3"
  },
  "scripts": {
    "start": "react-scripts start",
    "build": "react-scripts build",
    "test": "react-scripts test",
    "eject": "react-scripts eject"
  },
  "eslintConfig": {
    "extends": "react-app"
  },
  "browserslist": {
    "production": [
      ">0.2%",
      "not dead",
      "not op_mini all"
    ],
    "development": [
      "last 1 chrome version",
      "last 1 firefox version",
      "last 1 safari version"
    ]
  }
}

What is the best way to manage these vulnerabilities?

4

2 Answers

3

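When you see an issue like this, you first need to check in the GitHub repository whether they have already been notified, and create an issue so they can fix it as soon as possible.

They addressed this in the following issue: https://github.com/facebook/create-react-app/issues/8672

Answered 2020-03-20T12:53:22.447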
0

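Solution: for npm users:

npm install minimist --save-dev, for example (minimist version: 1.2.5)

In the package.json file, add a resolutions key next to the dependencies key

{
  "resolutions": {
    "minimist": "^1.2.5"
  }
}

Add the following line inside the scripts key in package.json, for example:

"scripts": {
  "preinstall": "npx npm-force-resolutions"
}

Delete node_modules, then run the command: npm install

Although npm audit fix fixed the dependencies

Answered 2020-07-30T04:47:17.593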
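
To see why a single package can account for hundreds of audit findings, and to check whether the resolutions override from the second answer took effect, this added example (not code from either answer) walks an npm v1 `package-lock.json` and lists every nested copy of minimist against the 1.2.5 version that answer pins to. The sample lockfile and the `example-cli` package name are constructed, and `findCopies` and `compareVersions` are illustrative helper names.

```javascript
// Added example: list every copy of a package in an npm v1 package-lock.json.
// Compare two plain x.y.z versions numerically; prerelease tags are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the nested "dependencies" tree and record each installed copy of
// `name` together with the chain of packages it is nested under.
function findCopies(lock, name, minVersion) {
  const hits = [];
  (function walk(deps, trail) {
    for (const [pkg, info] of Object.entries(deps || {})) {
      const path = trail.concat(pkg);
      if (pkg === name) {
        hits.push({
          path: path.join(' > '),
          version: info.version,
          outdated: compareVersions(info.version, minVersion) < 0,
        });
      }
      walk(info.dependencies, path);
    }
  })(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (not taken from the question's project).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    minimist: { version: '1.2.5' },
    mkdirp: { version: '0.5.1', dependencies: { minimist: { version: '0.0.8' } } },
    'example-cli': { // hypothetical package name
      version: '2.0.0',
      dependencies: {
        rc: { version: '1.2.8', dependencies: { minimist: { version: '1.2.0' } } },
      },
    },
  },
};

for (const hit of findCopies(sampleLock, 'minimist', '1.2.5')) {
  console.log(`${hit.outdated ? 'OLD' : 'ok '} ${hit.version}  ${hit.path}`);
}
```

Against a real project, pass the parsed contents of `package-lock.json` instead of `sampleLock`; after the override and a clean `npm install`, no copy should be reported as `OLD`.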