node.js - 安装没有 postcss 的 react-scripts

问题描述

我正在尝试将我的代码上传到服务器上，但由于存在中等漏洞，它不允许我这样做。我已将问题缩小到从安装 react 应用程序下载的旧版本 postcss，特别是 react-scripts。我已经尝试卸载 postcssreact-scripts然后先安装，但是每当我进行安装时，它都会在其对文件夹postcss的依赖项中安装一个错误的版本。node-modules

记录一些错误，以防我的问题没有postcss

 Moderate        Regular Expression Denial of Service                          
  Package         postcss                                                       
  Patched in      >=8.2.10                                                      
  Dependency of   react-scripts                                                 
  Path            react-scripts > postcss-preset-env > postcss-place > postcss  
  More info       https://npmjs.com/advisories/1693                             

  Moderate        Regular Expression Denial of Service                          
  Package         postcss                                                       
  Patched in      >=8.2.10                                                      
  Dependency of   react-scripts                                                 
  Path            react-scripts > postcss-preset-env >                          
                  postcss-pseudo-class-any-link > postcss                       
  More info       https://npmjs.com/advisories/1693                             

  Moderate        Regular Expression Denial of Service                          
  Package         postcss                                                       
  Patched in      >=8.2.10                                                      
  Dependency of   react-scripts                                                 
  Path            react-scripts > postcss-preset-env >                          
                  postcss-replace-overflow-wrap > postcss                       
  More info       https://npmjs.com/advisories/1693  

我的卸载/重新安装日志以显示其反应脚本

found 79 moderate severity vulnerabilities in 1994 scanned packages
  79 vulnerabilities require manual review. See the full report for details.
PS C:\Users\pet22\JavaScriptProjects\skp-forum\front> npm uninstall react-scripts
removed 1839 packages and audited 152 packages in 17.069s

10 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

PS C:\Users\pet22\JavaScriptProjects\skp-forum\front> npm i react-scripts        
npm WARN deprecated babel-eslint@10.1.0: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated rollup-plugin-babel@4.4.0: This package has been deprecated and is no longer maintained. Please use @rollup/plugin-babel.
npm WARN deprecated @hapi/joi@15.1.1: Switch to 'npm install joi'
npm WARN deprecated @hapi/hoek@8.5.1: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/address@2.1.4: Moved to 'npm install @sideway/address'
npm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/topo@3.1.6: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated core-js@2.6.12: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.

> core-js@2.6.12 postinstall C:\Users\pet22\JavaScriptProjects\skp-forum\front\node_modules\babel-runtime\node_modules\core-js
> node -e "try{require('./postinstall')}catch(e){}"

Thank you for using core-js ( https://github.com/zloirock/core-js ) for polyfilling JavaScript standard library!

The project needs your help! Please consider supporting of core-js on Open Collective or Patreon: 
> https://opencollective.com/core-js 
> https://www.patreon.com/zloirock 

Also, the author of core-js ( https://github.com/zloirock ) is looking for a good job -)


> core-js@3.12.1 postinstall C:\Users\pet22\JavaScriptProjects\skp-forum\front\node_modules\core-js
> node -e "try{require('./postinstall')}catch(e){}"


> ejs@2.7.4 postinstall C:\Users\pet22\JavaScriptProjects\skp-forum\front\node_modules\ejs
> node ./postinstall.js

Thank you for installing EJS: built with the Jake JavaScript build tool (https://jakejs.com/)

npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^2.1.3 (node_modules\react-scripts\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.3.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^1.2.7 (node_modules\watchpack-chokidar2\node_modules\chokidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^1.2.7 (node_modules\webpack-dev-server\node_modules\chokidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.13.12 requires a peer of @babel/core@^7.13.0 but none is installed. You must install peer dependencies yourself.
npm WARN tsutils@3.21.0 requires a peer of typescript@>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta but none is installed. You must install peer 
dependencies yourself.

+ react-scripts@4.0.3
added 1839 packages from 659 contributors and audited 1994 packages in 57.301s

139 packages are looking for funding
  run `npm fund` for details

found 79 moderate severity vulnerabilities
  run `npm audit fix` to fix them, or `npm audit` for details

npm audit修复对我没有任何帮助。

问题：如何在不安装低于 8.2.10 的 postcss 的情况下安装 react-scripts？

标签： node.jsreactjspostcss