node.js - 将 React 项目安装为符号链接会显示漏洞警告
问题描述
我正在尝试在 Web 项目和桌面项目之间共享 React 组件。我发现这篇文章详细介绍了如何在不从 create-react-app 中弹出的情况下执行此操作。
https://medium.com/capriza-engineering/sharing-source-code-and-libraries-in-react-bd30926df312
简而言之,它说: - 使用 CRA 创建两个 React 项目,一个使用共享组件,另一个使用它们。- 在消费者项目中安装共享项目作为符号链接npm install "../shared-project"。- 使用react-app-rewiredandcustomize-cra使 Babel 编译公共文件夹中的所有内容。
虽然,使用后npm install "../shared-project"我得到以下信息:
npm WARN deprecated left-pad@1.3.0: use String.prototype.padStart()
npm WARN deprecated flatten@1.0.2: I wrote this module a very long time ago; you should use something else.
npm WARN rm not removing D:\Projects--Tests\Project\web\node_modules\.bin\jest.cmd as it wasn't installed by D:\Projects--Tests\Project\web\node_modules\jest
npm WARN rm not removing D:\Projects--Tests\Project\web\node_modules\.bin\jest as it wasn't installed by D:\Projects--Tests\Project\web\node_modules\jest
npm WARN rm not removing D:\Projects--Tests\Project\web\node_modules\.bin\rimraf.cmd as it wasn't installed by D:\Projects--Tests\Project\web\node_modules\rimraf
npm WARN rm not removing D:\Projects--Tests\Project\web\node_modules\.bin\rimraf as it wasn't installed by D:\Projects--Tests\Project\web\node_modules\rimraf
npm WARN rm not removing D:\Projects--Tests\Project\web\node_modules\.bin\svgo.cmd as it wasn't installed by D:\Projects--Tests\Project\web\node_modules\svgo
npm WARN rm not removing D:\Projects--Tests\Project\web\node_modules\.bin\svgo as it wasn't installed by D:\Projects--Tests\Project\web\node_modules\svgo
npm WARN rm not removing D:\Projects--Tests\Project\web\node_modules\.bin\js-yaml.cmd as it wasn't installed by D:\Projects--Tests\Project\web\node_modules\js-yaml
npm WARN rm not removing D:\Projects--Tests\Project\web\node_modules\.bin\js-yaml as it wasn't installed by D:\Projects--Tests\Project\web\node_modules\js-yaml
npm WARN rm not removing D:\Projects--Tests\Project\web\node_modules\.bin\browserslist.cmd as it wasn't installed by D:\Projects--Tests\Project\web\node_modules\browserslist
npm WARN rm not removing D:\Projects--Tests\Project\web\node_modules\.bin\browserslist as it wasn't installed by D:\Projects--Tests\Project\web\node_modules\browserslist
npm WARN rm not removing D:\Projects--Tests\Project\web\node_modules\.bin\semver.cmd as it wasn't installed by D:\Projects--Tests\Project\web\node_modules\semver
npm WARN rm not removing D:\Projects--Tests\Project\web\node_modules\.bin\semver as it wasn't installed by D:\Projects--Tests\Project\web\node_modules\semver
npm WARN rm not removing D:\Projects--Tests\Project\web\node_modules\.bin\esparse.cmd as it wasn't installed by D:\Projects--Tests\Project\web\node_modules\esprima
npm WARN rm not removing D:\Projects--Tests\Project\web\node_modules\.bin\esvalidate.cmd as it wasn't installed by D:\Projects--Tests\Project\web\node_modules\esprima
npm WARN rm not removing D:\Projects--Tests\Project\web\node_modules\.bin\esvalidate as it wasn't installed by D:\Projects--Tests\Project\web\node_modules\esprima
npm WARN rm not removing D:\Projects--Tests\Project\web\node_modules\.bin\esparse as it wasn't installed by D:\Projects--Tests\Project\web\node_modules\esprima
> core-js@2.6.9 postinstall D:\Projects--Tests\Project\web\node_modules\babel-runtime\node_modules\core-js
> node scripts/postinstall || echo "ignore"
Thank you for using core-js ( https://github.com/zloirock/core-js ) for polyfilling JavaScript standard library!
The project needs your help! Please consider supporting of core-js on Open Collective or Patreon:
> https://opencollective.com/core-js
> https://www.patreon.com/zloirock
Also, the author of core-js ( https://github.com/zloirock ) is looking for a good job -)
> core-js@3.1.4 postinstall D:\Projects--Tests\Project\web\node_modules\core-js
> node scripts/postinstall || echo "ignore"
Thank you for using core-js ( https://github.com/zloirock/core-js ) for polyfilling JavaScript standard library!
The project needs your help! Please consider supporting of core-js on Open Collective or Patreon:
> https://opencollective.com/core-js
> https://www.patreon.com/zloirock
Also, the author of core-js ( https://github.com/zloirock ) is looking for a good job -)
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN @typescript-eslint/eslint-plugin@1.13.0 requires a peer of eslint@^5.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @typescript-eslint/parser@1.13.0 requires a peer of eslint@^5.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN ts-pnp@1.1.4 requires a peer of typescript@* but none is installed. You must install peer dependencies yourself.
npm WARN ts-pnp@1.1.2 requires a peer of typescript@* but none is installed. You must install peer dependencies yourself.
npm WARN tsutils@3.17.1 requires a peer of typescript@>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta but none is installed. You must install peer dependencies yourself.
npm WARN @typescript-eslint/parser@1.13.0 requires a peer of eslint@^5.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @typescript-eslint/eslint-plugin@1.13.0 requires a peer of eslint@^5.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN ts-pnp@1.1.2 requires a peer of typescript@* but none is installed. You must install peer dependencies yourself.
npm WARN tsutils@3.17.1 requires a peer of typescript@>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.0.7 (node_modules\react-scripts\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.0.7: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.9 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.9: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
+ shared@0.1.0
added 126 packages from 43 contributors, removed 190 packages, updated 1297 packages and audited 1794232 packages in 314.002s
found 14108 vulnerabilities (3 moderate, 14104 high, 1 critical)
run `npm audit fix` to fix them, or `npm audit` for details
如果我继续执行上面详述的步骤,一切正常,但最让我担心的是3 moderate, 14104 high, 1 critical消息。我不看过去。知道如何解决这个问题吗?提前致谢!
解决方案
推荐阅读
- python-3.x - 如何使用 AppEngine 在 Firestore 模拟器中打印?
- python - 当它们在熊猫列中时如何检查一个列表的元素是否是另一个
- rabbitmq - Google 日历 API:com.google.api.client.googleapis.json.GoogleJsonResponseException:404 未找到
- c++ - C++ 调整 2d 向量的大小,其中函数为 const
- python - pytest - 将值从一个测试函数传递到测试文件中的另一个函数
- mysql - 有没有办法将值插入到一个表中,然后更新另一个表中的值?mysql
- java - Google Foobar 问题 - 请传递编码消息 (Java)
- python - 从公共输入分支和合并 Apache Beam 中的 pcollection 列表
- html - 挣扎于使用 CSS 对齐按钮
- android - 发现名称冲突的设置器:setWallpaper