node.js - 安装没有 postcss 的 react-scripts
问题描述
我正在尝试将我的代码上传到服务器上,但由于存在中等漏洞,它不允许我这样做。我已将问题缩小到从安装 react 应用程序下载的旧版本 postcss,特别是 react-scripts。我已经尝试卸载 postcssreact-scripts
然后先安装,但是每当我进行安装时,它都会在其对文件夹postcss
的依赖项中安装一个错误的版本。node-modules
记录一些错误,以防我的问题没有postcss
Moderate Regular Expression Denial of Service
Package postcss
Patched in >=8.2.10
Dependency of react-scripts
Path react-scripts > postcss-preset-env > postcss-place > postcss
More info https://npmjs.com/advisories/1693
Moderate Regular Expression Denial of Service
Package postcss
Patched in >=8.2.10
Dependency of react-scripts
Path react-scripts > postcss-preset-env >
postcss-pseudo-class-any-link > postcss
More info https://npmjs.com/advisories/1693
Moderate Regular Expression Denial of Service
Package postcss
Patched in >=8.2.10
Dependency of react-scripts
Path react-scripts > postcss-preset-env >
postcss-replace-overflow-wrap > postcss
More info https://npmjs.com/advisories/1693
我的卸载/重新安装日志以显示其反应脚本
found 79 moderate severity vulnerabilities in 1994 scanned packages
79 vulnerabilities require manual review. See the full report for details.
PS C:\Users\pet22\JavaScriptProjects\skp-forum\front> npm uninstall react-scripts
removed 1839 packages and audited 152 packages in 17.069s
10 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
PS C:\Users\pet22\JavaScriptProjects\skp-forum\front> npm i react-scripts
npm WARN deprecated babel-eslint@10.1.0: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated rollup-plugin-babel@4.4.0: This package has been deprecated and is no longer maintained. Please use @rollup/plugin-babel.
npm WARN deprecated @hapi/joi@15.1.1: Switch to 'npm install joi'
npm WARN deprecated @hapi/hoek@8.5.1: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/address@2.1.4: Moved to 'npm install @sideway/address'
npm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/topo@3.1.6: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated core-js@2.6.12: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.
> core-js@2.6.12 postinstall C:\Users\pet22\JavaScriptProjects\skp-forum\front\node_modules\babel-runtime\node_modules\core-js
> node -e "try{require('./postinstall')}catch(e){}"
Thank you for using core-js ( https://github.com/zloirock/core-js ) for polyfilling JavaScript standard library!
The project needs your help! Please consider supporting of core-js on Open Collective or Patreon:
> https://opencollective.com/core-js
> https://www.patreon.com/zloirock
Also, the author of core-js ( https://github.com/zloirock ) is looking for a good job -)
> core-js@3.12.1 postinstall C:\Users\pet22\JavaScriptProjects\skp-forum\front\node_modules\core-js
> node -e "try{require('./postinstall')}catch(e){}"
> ejs@2.7.4 postinstall C:\Users\pet22\JavaScriptProjects\skp-forum\front\node_modules\ejs
> node ./postinstall.js
Thank you for installing EJS: built with the Jake JavaScript build tool (https://jakejs.com/)
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^2.1.3 (node_modules\react-scripts\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.3.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^1.2.7 (node_modules\watchpack-chokidar2\node_modules\chokidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^1.2.7 (node_modules\webpack-dev-server\node_modules\chokidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.13.12 requires a peer of @babel/core@^7.13.0 but none is installed. You must install peer dependencies yourself.
npm WARN tsutils@3.21.0 requires a peer of typescript@>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta but none is installed. You must install peer
dependencies yourself.
+ react-scripts@4.0.3
added 1839 packages from 659 contributors and audited 1994 packages in 57.301s
139 packages are looking for funding
run `npm fund` for details
found 79 moderate severity vulnerabilities
run `npm audit fix` to fix them, or `npm audit` for details
npm audit
修复对我没有任何帮助。
问题:如何在不安装低于 8.2.10 的 postcss 的情况下安装 react-scripts?
解决方案
我通过更好的 npm 审计暂时为自己解决了这个问题。更好的 npm 审计
您必须在顶层创建一些 .nsprc 文件并根据示例添加异常(编号 1693)。将审计命令放入 package.json 并可能更改构建脚本(而不是“npm audit”,您应该使用“npm run audit”)。
这并不能解决原始问题,但至少构建不再失败。
推荐阅读
- sql - 使用日期类型是 postgrsql SET 语句
- amazon-web-services - 如何为 Paypal Ipn 消息保护 AWS Api Gateway 和 Lambda
- c# - 在 C# 中绘制旋转的文本
- java - 如何快速显示图像?我正在使用毕加索,但它太慢了。我可以像 Instagram 应用程序一样快速显示图像吗?
- ios - 自定义 tableview 单元格的问题。自定义表格视图单元格内的 Collectionview 未根据单元格的高度进行调整
- python - 实例化另一个模型时如何创建某个模型的新实例?
- php - 在 react native 中发送和获取 JSON 数据 [JSON 解析错误]
- python - wxPython - 如何对 ListCtrl 列项进行排序?
- twitter - 如何确定情感分析中哪些词具有高预测能力?
- angular - 离子显示数据等于值