logo标签列表

如何修复这些漏洞?(npm audit fix无法修复这些漏洞)

angularnpm
11

我的项目有6个高危漏洞,我不知道该如何修复它们。npm audit fix无法解决。请帮我修复。

我在安装https://www.npmjs.com/package/toastr到我的项目中后,显示了这些漏洞。我不知道是否有任何关联。 === npm audit 安全报告 ===

                             Manual Review                                  
         Some vulnerabilities require your attention to resolve             

      Visit https://go.npm.me/audit-guide for additional guidance           


High            Machine-In-The-Middle                                         

Package         https-proxy-agent                                             

Patched in      >=3.0.0                                                       

Dependency of   @angular/cli [dev]                                            

Path            @angular/cli > @schematics/update > pacote >                  
                make-fetch-happen > https-proxy-agent                         

More info       https://npmjs.com/advisories/1184                             

High            Machine-In-The-Middle                                         

Package         https-proxy-agent                                             

Patched in      >=3.0.0                                                       

Dependency of   @angular/cli [dev]                                            

Path            @angular/cli > pacote > make-fetch-happen >                   
                https-proxy-agent                                             

More info       https://npmjs.com/advisories/1184                             

High            Machine-In-The-Middle                                         

Package         https-proxy-agent                                             

Patched in      >=3.0.0                                                       

Dependency of   @angular/cli [dev]                                            

Path            @angular/cli > @schematics/update > pacote >                  
                npm-registry-fetch > make-fetch-happen > https-proxy-agent    

More info       https://npmjs.com/advisories/1184                             

High            Machine-In-The-Middle                                         

Package         https-proxy-agent                                             

Patched in      >=3.0.0                                                       

Dependency of   @angular/cli [dev]                                            

Path            @angular/cli > pacote > npm-registry-fetch >                  
                make-fetch-happen > https-proxy-agent                         

More info       https://npmjs.com/advisories/1184                             

High            Machine-In-The-Middle                                         

Package         https-proxy-agent                                             

Patched in      >=3.0.0                                                       

Dependency of   protractor [dev]                                              

Path            protractor > browserstack > https-proxy-agent                 

More info       https://npmjs.com/advisories/1184                             

High            Machine-In-The-Middle                                         

Package         https-proxy-agent                                             

Patched in      >=3.0.0                                                       

Dependency of   protractor [dev]                                              

Path            protractor > saucelabs > https-proxy-agent                    

More info       https://npmjs.com/advisories/1184
3个回答
13
2
这个解决方案只能在一定时间内起作用,然后同样的问题又会出现。 - user11135251
@user11135351 请参考 https://dev59.com/_FIG5IYBdhLWcg3whwmc。 - Leponzo
2

修复BUILD问题和一般安装问题:

package.json

{
  ...
  "scripts": {
     "resolve-install": "npx npm-force-resolutions && npm install"
  },
  "resolutions": {
    "https-proxy-agent": "^3.0.0"
  }
}

那么,不要再使用npm install命令,而是在cmdDockerfile中运行以下命令:

npm run resolve-install
0
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接