发表新帖
发表新帖

Found 4 vulnerabilities on npm install

前端 未结
关注
6 1992
清歌不尽
清歌不尽 2020-12-09 01:34

I am just getting started with react-native. On installing this package

npm install --save react-native-validator-form

https://github.com/New

相关标签:
6条回答
  • 星月不相逢
    2020-12-09 01:56

    I faced the same issue while installing react-native navigation, using npm install react-navigation* for me npm audit-fix didn`t worked well. npm use to have some limitations for me yarn worked

    yarn add <package-name>
    0 讨论(0)
  • 逝去的感伤
    2020-12-09 01:57

    Even after running npm audit fix if it is not fixed, then to proceed I think you should Turn off npm audit. Use below command to turn off npm audit.

    when installing a single package.

    npm install example-package-name --no-audit

    To turn off npm audit when installing all packages

    npm set audit false

    it will set the audit setting to false in your user and global npmrc config files.

    for reference visit : turn-off-npm-audit

    Hope it will help and you can proceed to your work :) Happy codding

    0 讨论(0)
  • 臣服心动
    2020-12-09 02:03

    This is a result of the new npm version including the audit command.

    It isn't some new issue with the Angular CLI, npm just introduced new functionality in npm to warn users about vulnerabilities in the packages they're installing - so there's no "new" vulnerability in Angular, it's just that now npm is now warning you about vulnerabilities that already existed:

    https://blog.npmjs.org/

    Most of the issues stem from Karma, so it'd need to be fixed there for the Angular team to pull in a new Karma version karma-runner/karma#2994

    0 讨论(0)
  • 无人及你
    2020-12-09 02:04

    I had the same problem while running this command:

    npm install ngx-bootstrap --save

    ...and solved it by running the Command Prompt as Administrator.

    So Open the Command Prompt as Administrator and then try again. Hopefully it will work.

    0 讨论(0)
  • 既然无缘
    2020-12-09 02:07

    I had the same issue and log was like below:

    Testing binary
Binary is fine
added 1166 packages from 1172 contributors and audited 39128 packages in 112.505s
found 1 high severity vulnerability

    I executed the below command and it was fixed.

    npm audit fix

    log shows as below:

    Testing binary
Binary is fine
+ @angular-devkit/build-angular@0.11.4
added 18 packages from 47 contributors, removed 14 packages and updated 52 packages in 64.529s
fixed 1 of 1 vulnerability in 39128 scanned packages
    0 讨论(0)
  • 无人及你
    2020-12-09 02:22

    If you have ran npm audit and got vulnerabilities, then you can have different scenarios:

    Security vulnerabilities found with suggested updates

    • Run the npm audit fix subcommand to automatically install compatible updates to vulnerable dependencies.

    • Run the recommended commands individually to install updates to vulnerable dependencies. (Some updates may be semver-breaking changes; for more information, see "SEMVER warnings".)

    Security vulnerabilities found requiring manual review

    • If security vulnerabilities are found, but no patches are available, the audit report will provide information about the vulnerability so you can investigate further.

    Source: Reviewing and acting on the security audit report

    0 讨论(0)
 看不清?
提交回复
热议问题