NPM-AUDIT find to high vulnerabilities. What am I supposed to do?

清歌不尽 2021-02-19 11:16

I ran npm audit on my project and it gave me this:

High Command Injection
Dependency of @angular-devkit/build-angular [dev]

7 answers
  •  刺人心 (OP)
    2021-02-19 11:37

    You can fix this without waiting for a new version of the package @angular-devkit/build-angular.

    Just do the following steps:

    1. Update your package.json file by adding a resolutions section with the proper version of the tree-kill package:
    "resolutions": {
      "tree-kill": "1.2.2"
    }

    2. Update your package-lock.json by running the command:
    npx npm-force-resolutions

    3. Reinstall the NPM packages in your project:
    rm -r node_modules
    npm install

    Run npm audit to check that your project no longer has this problem. And don't forget to commit the modified files package.json and package-lock.json.

    More information about NPM Force Resolutions.
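
A way to confirm that the pin from the answer above reached every copy of tree-kill in the lockfile, including copies nested under other packages. This is an added example, not part of the original answer; the function names and the sample lockfile are constructed for illustration, and the minimum version 1.2.2 is the one the answer pins.

```javascript
'use strict';
// Added example: find every locked copy of a package and flag versions below a minimum.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function isBelow(version, minimum) {
  const a = parseVersion(version), b = parseVersion(minimum);
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Returns [{path, version}] for each copy of `name` in a parsed package-lock.json.
function findLockedCopies(lock, name) {
  const found = [];
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, entry] of Object.entries(lock.packages)) {
      const hit = path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`);
      if (hit && entry.version) found.push({ path, version: entry.version });
    }
    return found;
  }
  (function walk(deps, trail) { // lockfileVersion 1: nested "dependencies" tree
    for (const [dep, entry] of Object.entries(deps || {})) {
      const path = trail.concat(dep);
      if (dep === name) found.push({ path: path.join(' > '), version: entry.version });
      walk(entry.dependencies, path);
    }
  })(lock.dependencies, []);
  return found;
}

function staleCopies(lock, name, minimum) {
  return findLockedCopies(lock, name).filter((c) => isBelow(c.version, minimum));
}

// Constructed sample lockfile (lockfileVersion 1), not taken from a real project.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'tree-kill': { version: '1.2.2' },
    '@angular-devkit/build-angular': {
      version: '0.0.0-sample',
      dependencies: { 'tree-kill': { version: '1.2.1' } },
    },
  },
};
console.log(staleCopies(sampleLock, 'tree-kill', '1.2.2'));
```

On a real project, pass in the parsed contents of package-lock.json instead of the sample object; an empty result means no copy below the pinned version remains in the lockfile.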
