How to remove npm module vulnerability babel-cli@6.23.0 in braces?
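I want to remove the vulnerability reported by npm audit:
https://snyk.io/test/npm/babel-cli/6.23.0
How do I update the chokidar module?
How do I update a dependency module without updating its parent module?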
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Low Regular Expression Denial of Service
Package braces
Patched in >=2.3.1
Dependency of babel-cli [dev]
Path babel-cli > chokidar > anymatch > micromatch > braces
More info https://npmjs.com/advisories/786
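You can take a look at resolutions. Basically, it forces installation of the package version you specify in the resolutions object, even if that package is a sub-dependency.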
{
  "name": "project",
  "version": "1.0.0",
  "dependencies": {
    "left-pad": "1.0.0",
    "c": "file:../c-1",
    "d2": "file:../d2-1"
  },
  "resolutions": {
    "d2/left-pad": "1.1.1",
    "c/**/left-pad": "1.1.2"
  }
}
Install '@babel/cli' instead of 'babel-cli'.
Required npm modules: @babel/core, @babel/node, @babel/cli, @babel/preset-flow, @babel/register
Update the .babelrc file with the following:
{
  "presets": ["@babel/preset-flow"]
}
Update the package.json scripts:
{
  "scripts": {
    "babel-node": "babel-node --presets=@babel/preset-flow",
    "serve": "nodemon --exec npm run babel-node -- ./app/app.js",
    "start": "node ./build/app.js",
    "local": "node ./app/app.js",
    "build": "./node_modules/.bin/babel ./app/ -d ./build/ --copy-files",
    "mocha": "mocha --require @babel/register",
    "test": "mocha --require @babel/register --recursive ./test/",
    "test:e2e": "mocha --timeout 20000 --require @babel/register --recursive ./e2e/ --exit",
    "test:coverage": "nyc --reporter=html --reporter=text mocha --require @babel/register --recursive ./test/",
    "test:coverage-report": "nyc report --reporter=text-lcov | coveralls ",
    "lint": "eslint ./app --ext .js",
    "prepush": "npm run test && npm run lint",
    "flow": "flow",
    "flow:init": "flow init",
    "flow:status": "flow status"
  }
}