Javascript 有没有更好的方法来修复 npm 漏洞

发布于05月13日

我在修复EXPO Reaction原生项目中的漏洞时遇到了问题. 这是一款正在开发的 react native 应用程序.

我一直收到这个；

up to date, audited 1375 packages in 1m

73 packages are looking for funding
  run `npm fund` for details

18 vulnerabilities (10 moderate, 8 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

这是我的package.json份档案；

{
  "name": "eudio",
  "version": "1.0.0",
  "main": "node_modules/expo/AppEntry.js",
  "scripts": {
    "start": "expo start",
    "android": "expo start --android",
    "ios": "expo start --ios",
    "web": "expo start --web"
  },
  "dependencies": {
    "@expo/vector-icons": "^13.0.0",
    "@react-native-community/masked-view": "^0.1.11",
    "@react-navigation/drawer": "^6.5.8",
    "@react-navigation/native": "*",
    "@react-navigation/native-stack": "*",
    "expo": "^47.0.9",
    "expo-constants": "~14.0.2",
    "expo-contacts": "~11.0.1",
    "expo-file-system": "~15.1.1",
    "expo-font": "~11.0.1",
    "expo-location": "~15.0.1",
    "expo-sms": "~11.0.0",
    "expo-speech": "~11.0.0",
    "expo-status-bar": "~1.4.2",
    "firebase": "^9.16.0",
    "from": "^0.1.7",
    "native": "^0.3.3",
    "react": "18.1.0",
    "react-native": "0.70.8",
    "react-native-elements": "^3.4.3",
    "react-native-gesture-handler": "~2.8.0",
    "react-native-google-places-autocomplete": "*",
    "react-native-maps": "1.3.2",
    "react-native-maps-directions": "^1.9.0",
    "react-native-paper": "4.9.2",
    "react-native-reanimated": "~2.12.0",
    "react-native-safe-area-context": "4.4.1",
    "react-native-screens": "~3.18.0",
    "react-native-sha256": "^1.4.9",
    "react-native-svg": "13.4.0",
    "react-navigation": "^4.4.4",
    "reanimated-bottom-sheet": "*"
  },
  "devDependencies": {
    "@babel/core": "^7.12.9",
    "react-native-dotenv": "^3.4.8"
  },
  "private": true
}

我try 了多种解决方案，例如；

npm audit
npm audit fix
npm audit fix --force
npm update
npm upgrade
npx remove-node-modules
npm install
npm install --check

我还try 手动修复依赖项，以使它们兼容，但无济于事. 在大多数情况下，错误只会变得更糟.

然而，通过跑npx expo-doctor次，这就是结果；

$ npx expo-doctor

✔ Validating global prerequisites versions passed
✔ Checking for incompatible packages passed
✔ Checking for conflicting global packages in project passed
✔ Verifying prebuild support package versions are compatible passed
✔ Checking dependency versions for compatibility with the installed Expo SDK passed
✔ Validating Expo Config passed
✔ Checking package.json for common issues passed

Didn't find any issues with the project!

然而，依赖错误仍然存在.

我如何修复依赖关系？

Javascript 有没有更好的方法来修复 npm 漏洞

推荐答案

Javascript相关问答推荐

如果被1个Phaser JS抵消，我的倾斜碰撞

如何从defineExpose访问数据和方法

使用CDO时如何将Vue组件存储在html之外？

橡皮擦完全让画布变成白色

materialized - activeIndex返回-1

Cypress -使用commands.js将数据测试id串在一起失败，但在将它们串在一起时不使用命令有效

防止用户在selectizeInput中取消 Select 选项

如何禁用附加图标点击的v—自动完成事件

google docs boldText直到按行执行应用脚本错误

如何调用名称在字符串中的实例方法？

如何从隐藏/显示中删除其中一个点击？

Next.js服务器端组件请求，如何发送我的cookie token？

提交链接到AJAX数据结果的表单

从Nextjs中的 Select 项收集值，但当单击以处理时，未发生任何情况

DOM不自动更新，尽管运行倒计时TS，JS

在开发期间，Web浏览器如何运行&qot；.jsx&qot；文件？

TypeError：无法读取未定义的属性(正在读取'；宽度'；)

未捕获的运行时错误：调度程序为空

打字脚本中方括号符号属性访问和拾取实用程序的区别

是否设置以JavaScript为背景的画布元素？