
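Installing react-scripts causes vulnerabilities

How to resolve: installing react-scripts causes vulnerabilities

I previously uninstalled react-scripts in an attempt to fix an error in my terminal. Now, when I run npm install react-scripts, it gives me: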


Cole@Coles-MacBook-Pro-4 client % npm i react-scripts
npm WARN deprecated @hapi/topo@3.1.6: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated babel-eslint@10.1.0: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated @hapi/address@2.1.4: Moved to 'npm install @sideway/address'
npm WARN deprecated rollup-plugin-babel@4.4.0: This package has been deprecated and is no longer maintained. Please use @rollup/plugin-babel.
npm WARN deprecated @hapi/hoek@8.5.1: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/joi@15.1.1: Switch to 'npm install joi'
npm WARN deprecated core-js@2.6.12: core-js@<3.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.

added 1881 packages, changed 1 package, and audited 1986 packages in 58s

138 packages are looking for funding
  run `npm fund` for details

87 vulnerabilities (81 moderate, 6 high)

To address all issues, run:
  npm audit fix

Run `npm audit` for details.

But when I run npm uninstall react-scripts, it gives me this:

Cole@Coles-MacBook-Pro-4 client % npm uninstall react-scripts

removed 1882 packages, and audited 104 packages in 15s

4 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

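Obviously I do need react-scripts so that I can start development on my project. When I run npm start with react-scripts uninstalled, it gives me sh: react-scripts: command not found

How can I install react-scripts without causing vulnerabilities?

Edit: When I try npm audit fix, it gives me this nasty message: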

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! Found: type-fest@0.21.3
npm ERR! node_modules/type-fest
npm ERR!   type-fest@"^0.21.3" from ansi-escapes@4.3.2
npm ERR!   node_modules/ansi-escapes
npm ERR!     ansi-escapes@"^4.2.1" from @jest/core@26.6.3
npm ERR!     node_modules/@jest/core
npm ERR!       @jest/core@"^26.6.0" from jest@26.6.0
npm ERR!       node_modules/jest
npm ERR!         peer jest@"^26.0.0" from jest-watch-typeahead@0.6.1
npm ERR!         node_modules/jest-watch-typeahead
npm ERR!         1 more (react-scripts)
npm ERR!       1 more (jest-cli)
npm ERR!     ansi-escapes@"^4.3.1" from jest-watch-typeahead@0.6.1
npm ERR!     node_modules/jest-watch-typeahead
npm ERR!       jest-watch-typeahead@"0.6.1" from react-scripts@4.0.3
npm ERR!       node_modules/react-scripts
npm ERR!         react-scripts@"^4.0.3" from the root project
npm ERR!     2 more (jest-watcher, terminal-link)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peerOptional type-fest@"^0.13.1" from @pmmmwh/react-refresh-webpack-plugin@0.4.3
npm ERR! node_modules/@pmmmwh/react-refresh-webpack-plugin
npm ERR!   @pmmmwh/react-refresh-webpack-plugin@"0.4.3" from react-scripts@4.0.3
npm ERR!   node_modules/react-scripts
npm ERR!     react-scripts@"^4.0.3" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /Users/Cole/.npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/Cole/.npm/_logs/2021-05-26T13_04_40_793Z-debug.log

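Maybe I have to uninstall and reinstall the whole create-react-app package? I started a different project in a different folder, but it still has the same problem after entering npx create-react-app <name>. It sounds like my whole computer is messed up now.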

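Solution

How can I install react-scripts without causing vulnerabilities?

You can't. You have to wait for the author (Facebook, in this case) to update its dependencies to remove the vulnerabilities.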
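
The install and uninstall output in the question shows the audit count moving with a single direct dependency. As an added example (not part of the original question or answer), the script below attributes each advisory in an `npm audit --json` style report to the direct dependency that pulls it in. The sample report is constructed, the package names other than react-scripts are made up, and the field names are assumed to follow the npm 7+ report format.

```javascript
// Added example. SAMPLE_REPORT is constructed: "pkg-a", "pkg-b", "pkg-c" and
// "other-direct" are made-up names. Field names are assumed to follow the
// `npm audit --json` report of npm 7+ (auditReportVersion 2).
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "pkg-a": { name: "pkg-a", severity: "high", isDirect: false,
      via: [{ title: "constructed advisory" }], effects: ["pkg-b"] },
    "pkg-b": { name: "pkg-b", severity: "high", isDirect: false,
      via: ["pkg-a"], effects: ["react-scripts"] },
    "pkg-c": { name: "pkg-c", severity: "moderate", isDirect: false,
      via: [{ title: "constructed advisory" }],
      effects: ["react-scripts", "other-direct"] },
    "react-scripts": { name: "react-scripts", severity: "high", isDirect: true,
      via: ["pkg-b", "pkg-c"], effects: [] },
    "other-direct": { name: "other-direct", severity: "moderate", isDirect: true,
      via: ["pkg-c"], effects: [] },
  },
};

// Follow "effects" edges (vulnerable package -> packages that depend on it)
// until reaching entries marked as direct dependencies of the project.
function directRoots(report, name, seen = new Set()) {
  if (seen.has(name)) return new Set(); // guard against dependency cycles
  seen.add(name);
  const entry = report.vulnerabilities[name];
  if (!entry) return new Set();
  const roots = new Set(entry.isDirect ? [name] : []);
  for (const parent of entry.effects || []) {
    for (const root of directRoots(report, parent, seen)) roots.add(root);
  }
  return roots;
}

// Entries whose "via" holds an advisory object carry a finding of their own;
// entries with only strings in "via" are flagged because of a dependency.
function findingsByDirectDependency(report) {
  const result = {};
  for (const [name, entry] of Object.entries(report.vulnerabilities)) {
    if (!(entry.via || []).some((v) => typeof v === "object")) continue;
    for (const root of directRoots(report, name)) {
      (result[root] = result[root] || []).push(`${name} (${entry.severity})`);
    }
  }
  return result;
}

console.log(findingsByDirectDependency(SAMPLE_REPORT));
```

To run it against a real project, replace `SAMPLE_REPORT` with the parsed output of `npm audit --json`.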
