Where do NPM audit warnings come from?
As I understand the docs,
The audit command submits a description of the dependencies configured in your project to your default registry and asks for a report of known vulnerabilities.
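So there is an NPM registry, which I assume is the same registry I would get packages from with npm install, and it holds security audit warnings for packages. If so, how do these warnings get registered?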
The default repository for NPM installs is https://www.npmjs.com. They have a security policy, along with a specific guide to reporting, which states:
If you find a security vulnerability in an npm package (either yours
or someone else’s), you can report it to the npm Security team to help
keep the Javascript ecosystem safe.
...
- On the package page, click Report a vulnerability.
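As an added example (not code from the original posts, the npm CLI, or npm's documentation), the code below derives the "description of the dependencies" quoted in the question from a lockfile, which is the part of the project that an audit request describes to the registry. The sample lockfile is constructed, `buildAuditPayload` is a hypothetical helper, and the name-to-versions request shape is an assumption modelled on the bulk advisory request used by npm 7 and later.

```javascript
// Added illustration: build a package-name -> installed-versions map from a
// package-lock.json (lockfileVersion 2 or 3). The request shape is an
// assumption; no network call is made here.

// Constructed sample lockfile, not taken from a real project.
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/@scope/util": { version: "2.1.0" },
    "node_modules/@scope/util/node_modules/left-pad": { version: "1.1.3" },
    "node_modules/local-lib": { resolved: "../local-lib", link: true },
    "node_modules/dev-tool": { version: "0.9.0", dev: true },
  },
};

const MARKER = "node_modules/";

// omitDev drops entries the lockfile marks as development-only.
function buildAuditPayload(lock, { omitDev = false } = {}) {
  const payload = {};
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue;                  // root project entry, skipped in this example
    if (entry.link || !entry.version) continue; // local symlink: no registry version to report
    if (omitDev && entry.dev) continue;
    // The name is whatever follows the last "node_modules/" segment, which
    // keeps scoped names such as "@scope/util" intact for nested installs.
    const name = entry.name || path.slice(path.lastIndexOf(MARKER) + MARKER.length);
    payload[name] = payload[name] || [];
    if (!payload[name].includes(entry.version)) payload[name].push(entry.version);
  }
  // Plain string sort, only to keep the output stable (not semver ordering).
  for (const name of Object.keys(payload)) payload[name].sort();
  return payload;
}

console.log(JSON.stringify(buildAuditPayload(sampleLock), null, 2));
```

The output shows that only package names and versions leave the machine in this model: the same package installed at two versions (`left-pad` here) is reported once with both versions, so the registry can match each against its advisory data.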