当前位置：文江博客话题详情

我尝试通过NPM安装Axios时遇到一些问题

发布于 2025-02-12 19:56:28 字数 174 浏览 1 评论 0原文

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

心清如水 2025-02-19 19:56:28

理想情况下，我们应该解决这些漏洞，尤其是在生产，明智的工作场所等阶段。但是，通常，您必须手动解决这些漏洞。

NPM审核修复将尝试通过执行一些更新来“修复”它的内容。

NPM审核修复 - Force将尝试在考虑在主要语义版本之间进行升级（例如2至3，而不是2至2.1），

而不是2至2.1）。为了更安全，您可以浏览每个宣布易受思考风险的模块，以及任何问题如何影响您的项目

：
“ NPM”可以随时绝对找到漏洞。

因此，如果开发人员未发送纠正确定问题的新版本，则必须：

决定是否使用新库。
决定对您的代码降级或升级其库。
决定自己修复漏洞，
决定等待作者解决问题
决定实施您的解决方案。
决定与这些漏洞生活在一起，并可能在生产前解决。

NPM审核随着时间的推移监视模块，因此在完美思考的安全模块上仍然可以发生某些漏洞。因此，没有100％永久性修复。

有问题模块列表的一种方法：

gt; npm audit fix --dry-run --json

https：///docs.npmjs。 com/cli/v8/commands/npm-audit

Ideally, we should address these vulnerabilities, especially in stages like production, sensible workplaces, etc. However, often, you will have to address these vulnerabilities manually.

npm audit fix will try to "fix" what it can by performing some updates.

npm audit fix --force will try to go further in considering upgrading even between major semantic versions (2 to 3, for instance, instead of 2 to 2.1 if necessary)

It may not be enough. To be on the safer side, you look through every single module declared vulnerable to ponder eventual risks and how any issues can affect your project(s)

Keep in mind:
"npm" can find vulnerabilities absolutely at any time.

Therefore, if the developer has not sent a new version correcting the identified problem, you will have to:

Decide whether to use a new library.
Decide to downgrade or upgrade their libraries with the most negligible effect on your code.
Decide to fix the vulnerability yourself
Decide to wait for the author to fix the issue
Decide to implement your solution.
Decide to live with these vulnerabilities and likely address them before production.

npm audit monitors modules over time, so some vulnerabilities can still happen on perfectly thought-safe modules. Therefore, there is no 100% permanent fixing.

A way to have the list of problematic modules: