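node.js - How do I manually fix vulnerabilities shown during npm install?
Problem description
I am a beginner with NodeJS and ran into some vulnerability errors while installing packages. I have run into some errors before and fixed them by simply updating the package. Also, "npm audit fix" did not help. Below is the output of "npm audit". Can anyone tell me how to update these dependencies manually?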

=== npm audit security report ===

Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance

High            Command Injection
Package         tree-kill
Patched in      >=1.2.2
Dependency of   @angular-devkit/build-angular [dev]
Path            @angular-devkit/build-angular > @ngtools/webpack > tree-kill
More info       https://npmjs.com/advisories/1432

High            Command Injection
Package         tree-kill
Patched in      >=1.2.2
Dependency of   @angular-devkit/build-angular [dev]
Path            @angular-devkit/build-angular > tree-kill
More info       https://npmjs.com/advisories/1432

found 2 high severity vulnerabilities in 16547 scanned packages
2 vulnerabilities require manual review. See the full report for details.

Also, can I manually update the "tree-kill" package under the paths "@angular-devkit/build-angular > @ngtools/webpack > tree-kill" and "@angular-devkit/build-angular > tree-kill"? If so, how do I do that?
npm version - 6.12.1, Node version - 12.13.1
Thanks for your help!
Solution