如何解决wan 我使用 npx create-react-app App_Name 创建新的反应应用程序显示此错误发现 8 个漏洞
wan 我在 React 中创建了一个新应用 创建应用程序的命令 npx create-react-app 它显示此错误 在 2166 个扫描包中发现 8 个漏洞(4 个中等,4 个高) 8 个漏洞需要人工审核。有关详细信息,请参阅完整报告。 我正在使用最新版本的 node.js 我运行 Comment "npm audit fix" 或 "npm audit fix --force" 但它没有修复我的错误 这是所有错误 命令“NPM 审计”
Moderate Regular Expression Denial of Service
Package postcss
Patched in >=7.0.36 <8.0.0 || >=8.2.10
Dependency of react-scripts
Path react-scripts > resolve-url-loader > postcss
More info https://npmjs.com/advisories/1693
Moderate Regular Expression Denial of Service
Package browserslist
Patched in >=4.16.5
Dependency of react-scripts
Path react-scripts > react-dev-utils > browserslist
More info https://npmjs.com/advisories/1747
Moderate Regular expression denial of service
Package glob-parent
Patched in >=5.1.2
Dependency of react-scripts
Path react-scripts > webpack > watchpack > watchpack-chokidar2 >
chokidar > glob-parent
More info https://npmjs.com/advisories/1751
Moderate Regular expression denial of service
Package glob-parent
Patched in >=5.1.2
Dependency of react-scripts
Path react-scripts > webpack-dev-server > chokidar > glob-parent
More info https://npmjs.com/advisories/1751
High Denial of Service
Package css-what
Patched in >=5.0.1
Dependency of react-scripts
Path react-scripts > @svgr/webpack > @svgr/plugin-svgo > svgo >
css-select > css-what
More info https://npmjs.com/advisories/1754
High Denial of Service
Package css-what
Patched in >=5.0.1
Dependency of react-scripts
Path react-scripts > optimize-css-assets-webpack-plugin > cssnano
> cssnano-preset-default > postcss-svgo > svgo > css-select
> css-what
More info https://npmjs.com/advisories/1754
High Regular Expression Denial of Service
Package normalize-url
Patched in >=4.5.1 <5.0.0 || >=5.3.1 <6.0.0 || >=6.0.1
Dependency of react-scripts
Path react-scripts > mini-css-extract-plugin > normalize-url
More info https://npmjs.com/advisories/1755
High Regular Expression Denial of Service
Package normalize-url
Patched in >=4.5.1 <5.0.0 || >=5.3.1 <6.0.0 || >=6.0.1
Dependency of react-scripts
Path react-scripts > optimize-css-assets-webpack-plugin > cssnano
> cssnano-preset-default > postcss-normalize-url >
normalize-url
More info https://npmjs.com/advisories/1755
found 8 vulnerabilities (4 moderate,4 high) in 2166 scanned packages
8 vulnerabilities require manual review. See the full report for details.
解决方法
请参阅我几周前在此处发布的问题 postcss 7.0.0 - 8.2.9 Severity: moderate Regular Expression Denial of Service。
简短的回答是还没有补丁,所以您应该等待,或者,如果您负担不起,那么您将需要使用 yarn,如其中一个答案中所述。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
