How do I remove the npm module vulnerability in braces (babel-cli@6.23.0)?

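Problem description

I want to remove the vulnerability reported by npm audit:

https://snyk.io/test/npm/babel-cli/6.23.0

How do I update the chokidar module?

How do I update a dependency module without updating its parent module?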

    Manual Review
    Some vulnerabilities require your attention to resolve

    Visit https://go.npm.me/audit-guide for additional guidance

    Low             Regular Expression Denial of Service
    Package         braces
    Patched in      >=2.3.1
    Dependency of   babel-cli [dev]
    Path            babel-cli > chokidar > anymatch > micromatch > braces
    More info       https://npmjs.com/advisories/786

Tags: node.js, npm, dependencies, package.json, package-lock.json

Solution

Install '@babel/cli' instead of 'babel-cli'.

The npm modules required are '@babel/core, @babel/node, @babel/cli, @babel/preset-flow, @babel/register'.

Update the .babelrc file with the following:

{
  "presets": ["@babel/preset-flow"]
}

Update the package.json scripts:

{
  "scripts": {
    "babel-node": "babel-node --presets=@babel/preset-flow",
    "serve": "nodemon --exec npm run babel-node -- ./app/app.js",
    "start": "node ./build/app.js",
    "local": "node ./app/app.js",
    "build": "./node_modules/.bin/babel ./app/ -d ./build/ --copy-files",
    "mocha": "mocha --require @babel/register",
    "test": "mocha --require @babel/register --recursive ./test/",
    "test:e2e": "mocha --timeout 20000 --require @babel/register --recursive ./e2e/ --exit",
    "test:coverage": "nyc --reporter=html --reporter=text mocha --require @babel/register --recursive ./test/",
    "test:coverage-report": "nyc report --reporter=text-lcov | coveralls ",
    "lint": "eslint ./app --ext .js",
    "prepush": "npm run test && npm run lint",
    "flow": "flow",
    "flow:init": "flow init",
    "flow:status": "flow status"
  }
}
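
To confirm that the switch actually removed the flagged package, the following added example (not part of the original answer) scans a parsed package-lock.json for any installed copy of braces below 2.3.1, the "Patched in" version from the audit output. The names findOldCopies and isBelow, the package "some-tool" and both sample lockfiles are constructed for illustration; the reported location is where the copy is installed, not the logical dependency path npm audit prints.

```javascript
// Added example: flag `braces` entries below 2.3.1 (the audit's "Patched in").
const PATCHED = [2, 3, 1];

// True when `version` sorts strictly below `floor` (prerelease tags ignored).
function isBelow(version, floor) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version || '');
  if (!m) return false; // not a plain semver string (e.g. a git URL): skip
  for (let i = 0; i < 3; i++) {
    const part = Number(m[i + 1]);
    if (part !== floor[i]) return part < floor[i];
  }
  return false; // equal to the floor counts as patched
}

// Accepts a parsed package-lock.json: lockfileVersion 2/3 ("packages" map keyed
// by install path) or lockfileVersion 1 (nested "dependencies" objects).
function findOldCopies(lock, name = 'braces', floor = PATCHED) {
  const hits = [];
  if (lock.packages) {
    for (const [loc, info] of Object.entries(lock.packages)) {
      if (loc.split('node_modules/').pop() === name && isBelow(info.version, floor)) {
        hits.push({ location: loc, version: info.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [dep, info] of Object.entries(deps || {})) {
      const here = trail.concat(dep);
      if (dep === name && isBelow(info.version, floor)) {
        hits.push({ location: here.join(' > '), version: info.version });
      }
      walk(info.dependencies, here); // copies nested under this package
    }
  };
  walk(lock.dependencies, []);
  return hits;
}
// Constructed sample lockfiles ("some-tool" is a hypothetical package).
const sampleV1 = { lockfileVersion: 1, dependencies: {
  braces: { version: '1.8.5', dev: true },
  'some-tool': { version: '1.0.0', dependencies: { braces: { version: '2.3.2' } } },
} };
const sampleV3 = { lockfileVersion: 3, packages: {
  '': { name: 'app' },
  'node_modules/braces': { version: '3.0.2' },
  'node_modules/micromatch/node_modules/braces': { version: '2.3.0' },
} };
console.log(findOldCopies(sampleV1), findOldCopies(sampleV3));
```

An empty result for the project's own lockfile means no copy of braces older than 2.3.1 is still installed.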
