发现 55 个漏洞(1 个低漏洞、32 个中漏洞、21 个高漏洞、1 个严重漏洞)
npm install
removed 1 package, and audited 1819 packages in 30s
100 packages are looking for funding
run `npm fund` for details
55 vulnerabilities (1 low, 32 moderate, 21 high, 1 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
即使在进行 npm 审核修复后,也没有消除任何漏洞。如何让所有漏洞为0。 谢谢
npm install
removed 1 package, and audited 1819 packages in 30s
100 packages are looking for funding
run `npm fund` for details
55 vulnerabilities (1 low, 32 moderate, 21 high, 1 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
Even after doing npm audit fix no vulnerability was removed. how to make all vulnerabilities to 0.
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我会阅读这篇 博客 npm 审核不能总是修复漏洞,因为子依赖项。通常,由于威胁向量相当小,因此需要更仔细地审查漏洞
I would read this blog npm audit cannot always fix the vulnerabilities due to the sub dependencies. Often though the vulnerabilities need to be reviewed more carefully because the threat vector is pretty slim