logo标签列表

我无法修复NPM的漏洞。

node.jsnpmsemantic-versioningnpm-auditnpm-vulnerabilities
4
我对npm不太了解,但我需要解决这个问题。
# npm audit report

semver  <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
No fix available
node_modules/@babel/core/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/@babel/helper-create-class-features-plugin/node_modules/semver
  @babel/core  *
  Depends on vulnerable versions of @babel/helper-compilation-targets
  Depends on vulnerable versions of semver
  node_modules/@babel/core
    @babel/helper-compilation-targets  *
    Depends on vulnerable versions of @babel/core
    Depends on vulnerable versions of semver
    node_modules/@babel/helper-compilation-targets
    @babel/helper-create-class-features-plugin  *
    Depends on vulnerable versions of @babel/core
    Depends on vulnerable versions of semver
    node_modules/@babel/helper-create-class-features-plugin
      @babel/plugin-transform-typescript  >=7.21.4-esm
      Depends on vulnerable versions of @babel/helper-create-class-features-plugin
      node_modules/@babel/plugin-transform-typescript
        @babel/preset-typescript  >=7.22.5
        Depends on vulnerable versions of @babel/plugin-transform-typescript
        node_modules/@babel/preset-typescript
    babel-plugin-jsx-dom-expressions  >=0.33.12
    Depends on vulnerable versions of @babel/core
    node_modules/babel-plugin-jsx-dom-expressions
      babel-preset-solid  0.17.0-beta.0 - 0.17.0-beta.3 || >=1.4.6
      Depends on vulnerable versions of @babel/core
      Depends on vulnerable versions of babel-plugin-jsx-dom-expressions
      node_modules/babel-preset-solid
        vite-plugin-solid  *
        Depends on vulnerable versions of @babel/core
        Depends on vulnerable versions of babel-preset-solid
        node_modules/vite-plugin-solid

9 moderate severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

Some issues need review, and may require choosing
a different dependency.

我删除了"node_modules"文件夹,"package-lock.json"文件,然后运行了"npm install"命令。但是它没有起作用。
我尝试运行"npm audit fix",安装了较旧的"semver"版本,但它们也没有起作用。
2个回答
3
尝试在package.json中添加以下代码
"overrides": {
    "semver": "~7.5.2"
  }
0
我遇到了一个类似的错误。我也无法摆脱它。
semver <7.5.2 严重程度:中等 semver易受正则表达式拒绝服务攻击影响-https://github.com/advisories/GHSA-c2qf-rxjj-qqgw 可通过npm audit fix --force修复 将安装hardhat@0.0.7,这是一个重大变更 node_modules/hardhat/node_modules/semver node_modules/solc/node_modules/semver hardhat >=0.1.0-rc.0 依赖于易受攻击版本的semver 依赖于易受攻击版本的solc node_modules/hardhat solc >=0.4.7 依赖于易受攻击版本的semver node_modules/solc
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接