vue.js - jhipster vue npm audit fix --force 错误我不知道怎么办,请帮帮我
问题描述
我用jhipster创建项目的时候安装npm失败执行修复日志如下不知道怎么办,请帮帮我
npm audit fix --force
日志
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating generator-jhipster-vuejs to 0.0.3,which is a SemVer major change.
npm WARN deprecated formatio@1.1.1: This package is unmaintained. Use @sinonjs/formatio instead
npm WARN deprecated samsam@1.1.2: This package has been deprecated in favour of @sinonjs/samsam
npm WARN deprecated cross-spawn-async@2.2.5: cross-spawn no longer requires a build toolchain, use it instead
npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
added 374 packages, removed 88 packages, changed 14 packages, and audited 2751 packages in 44s
101 packages are looking for funding
run `npm fund` for details
# npm audit report
axios <0.21.1
Severity: high
Server-Side Request Forgery - https://npmjs.com/advisories/1594
fix available via `npm audit fix`
node_modules/generator-jhipster/node_modules/axios
generator-jhipster 2.19.0 - 7.0.0-beta.0
Depends on vulnerable versions of axios
Depends on vulnerable versions of jhipster-core
Depends on vulnerable versions of lodash
node_modules/generator-jhipster
braces <2.3.1
Regular Expression Denial of Service - https://npmjs.com/advisories/786
fix available via `npm audit fix`
node_modules/glob-stream/node_modules/braces
micromatch 0.2.0 - 2.3.11
Depends on vulnerable versions of braces
node_modules/glob-stream/node_modules/micromatch
glob-stream 5.3.0 - 5.3.5
Depends on vulnerable versions of micromatch
node_modules/glob-stream
vinyl-fs 2.4.2 - 2.4.4
Depends on vulnerable versions of glob-stream
node_modules/vinyl-fs
decompress <4.2.1
Severity: high
Arbitrary File Write - https://npmjs.com/advisories/1217
fix available via `npm audit fix --force`
Will install generator-jhipster-vuejs@1.9.2, which is a breaking change
node_modules/decompress
gulp-decompress <=1.2.0
Depends on vulnerable versions of decompress
node_modules/gulp-decompress
download 4.0.0 - 5.0.0
Depends on vulnerable versions of caw
Depends on vulnerable versions of gulp-decompress
node_modules/download
yeoman-generator <=0.24.1
Depends on vulnerable versions of download
Depends on vulnerable versions of html-wiring
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of lodash
node_modules/generator-jhipster-vuejs/node_modules/yeoman-generator
generator-jhipster-vuejs <=0.0.3
Depends on vulnerable versions of yeoman-generator
node_modules/generator-jhipster-vuejs
deep-extend <=0.5.0
Prototype Pollution - https://npmjs.com/advisories/612
fix available via `npm audit fix`
node_modules/generator-jhipster-vuejs/node_modules/deep-extend
mem-fs-editor 2.1.0 - 3.0.2
Depends on vulnerable versions of deep-extend
node_modules/generator-jhipster-vuejs/node_modules/mem-fs-editor
lodash <=4.17.18
Severity: high
Prototype Pollution - https://npmjs.com/advisories/1065
Prototype Pollution - https://npmjs.com/advisories/1523
Prototype Pollution - https://npmjs.com/advisories/577
Prototype Pollution - https://npmjs.com/advisories/782
fix available via `npm audit fix --force`
Will install generator-jhipster-vuejs@1.9.2, which is a breaking change
node_modules/cheerio/node_modules/lodash
node_modules/generator-jhipster-vuejs/node_modules/lodash
node_modules/generator-jhipster/node_modules/lodash
node_modules/jhipster-core/node_modules/lodash
cheerio 0.14.0 - 0.19.0
Depends on vulnerable versions of lodash
node_modules/cheerio
html-wiring *
Depends on vulnerable versions of cheerio
node_modules/html-wiring
yeoman-generator <=0.24.1
Depends on vulnerable versions of download
Depends on vulnerable versions of html-wiring
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of lodash
node_modules/generator-jhipster-vuejs/node_modules/yeoman-generator
generator-jhipster-vuejs <=0.0.3
Depends on vulnerable versions of yeoman-generator
node_modules/generator-jhipster-vuejs
generator-jhipster 2.19.0 - 7.0.0-beta.0
Depends on vulnerable versions of axios
Depends on vulnerable versions of jhipster-core
Depends on vulnerable versions of lodash
node_modules/generator-jhipster
inquirer <=0.11.4
Depends on vulnerable versions of lodash
node_modules/generator-jhipster-vuejs/node_modules/inquirer
jhipster-core *
Depends on vulnerable versions of lodash
node_modules/jhipster-core
tunnel-agent <0.6.0
Severity: moderate
Memory Exposure - https://npmjs.com/advisories/598
fix available via `npm audit fix --force`
Will install generator-jhipster-vuejs@1.9.2, which is a breaking change
node_modules/caw/node_modules/tunnel-agent
caw <=2.0.0
Depends on vulnerable versions of tunnel-agent
node_modules/caw
download 4.0.0 - 5.0.0
Depends on vulnerable versions of caw
Depends on vulnerable versions of gulp-decompress
node_modules/download
yeoman-generator <=0.24.1
Depends on vulnerable versions of download
Depends on vulnerable versions of html-wiring
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of lodash
node_modules/generator-jhipster-vuejs/node_modules/yeoman-generator
generator-jhipster-vuejs <=0.0.3
Depends on vulnerable versions of yeoman-generator
node_modules/generator-jhipster-vuejs
20 vulnerabilities (7 low, 2 moderate, 11 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
解决方案
推荐阅读
- python - 在 elmoformanylangs 中设置 config_path
- elasticsearch - 在 elasticSearch 中创建管道的问题
- google-analytics - 向客户发送请求访问邀请,以便在 Google Analytics 中获得用户访问权限
- r - ggplot2:将协方差矩阵绘制为没有行/列名的热图
- python - 将元组列表转换为熊猫数据框的单列?
- python - ValueError:allow_pickle=False 时无法加载对象数组
- arrays - 扫描和显示数组元素的函数出错
- qt - 从 QString 获取一个数字,然后将其转换为整数
- php - Laravel Sanctum - 通过tenantId 向租户进行身份验证
- rstudio - R Studio AWS Athena 不接受凭证