我正在尝试将我的代码上传到服务器上,但由于存在中等漏洞,它不允许我这样做。我已经将我的问题缩小到从安装 react 应用程序下载的旧版本 postcss,特别是 react-scripts。我试过卸载 postcss 和 react-scripts然后安装 postcss首先,但是每当我进行安装时,它都会在其对 node-modules 的依赖项中安装一个错误的版本。文件夹。
记录一些错误,以防我的问题没有 postcss
Moderate Regular Expression Denial of Service
Package postcss
Patched in >=8.2.10
Dependency of react-scripts
Path react-scripts > postcss-preset-env > postcss-place > postcss
More info https://npmjs.com/advisories/1693
Moderate Regular Expression Denial of Service
Package postcss
Patched in >=8.2.10
Dependency of react-scripts
Path react-scripts > postcss-preset-env >
postcss-pseudo-class-any-link > postcss
More info https://npmjs.com/advisories/1693
Moderate Regular Expression Denial of Service
Package postcss
Patched in >=8.2.10
Dependency of react-scripts
Path react-scripts > postcss-preset-env >
postcss-replace-overflow-wrap > postcss
More info https://npmjs.com/advisories/1693
found 79 moderate severity vulnerabilities in 1994 scanned packages
79 vulnerabilities require manual review. See the full report for details.
PS C:\Users\pet22\JavaScriptProjects\skp-forum\front> npm uninstall react-scripts
removed 1839 packages and audited 152 packages in 17.069s
10 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
PS C:\Users\pet22\JavaScriptProjects\skp-forum\front> npm i react-scripts
npm WARN deprecated babel-eslint@10.1.0: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated rollup-plugin-babel@4.4.0: This package has been deprecated and is no longer maintained. Please use @rollup/plugin-babel.
npm WARN deprecated @hapi/joi@15.1.1: Switch to 'npm install joi'
npm WARN deprecated @hapi/hoek@8.5.1: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/address@2.1.4: Moved to 'npm install @sideway/address'
npm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/topo@3.1.6: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated core-js@2.6.12: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.
> core-js@2.6.12 postinstall C:\Users\pet22\JavaScriptProjects\skp-forum\front\node_modules\babel-runtime\node_modules\core-js
> node -e "try{require('./postinstall')}catch(e){}"
Thank you for using core-js ( https://github.com/zloirock/core-js ) for polyfilling JavaScript standard library!
The project needs your help! Please consider supporting of core-js on Open Collective or Patreon:
> https://opencollective.com/core-js
> https://www.patreon.com/zloirock
Also, the author of core-js ( https://github.com/zloirock ) is looking for a good job -)
> core-js@3.12.1 postinstall C:\Users\pet22\JavaScriptProjects\skp-forum\front\node_modules\core-js
> node -e "try{require('./postinstall')}catch(e){}"
> ejs@2.7.4 postinstall C:\Users\pet22\JavaScriptProjects\skp-forum\front\node_modules\ejs
> node ./postinstall.js
Thank you for installing EJS: built with the Jake JavaScript build tool (https://jakejs.com/)
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^2.1.3 (node_modules\react-scripts\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.3.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^1.2.7 (node_modules\watchpack-chokidar2\node_modules\chokidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^1.2.7 (node_modules\webpack-dev-server\node_modules\chokidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.13.12 requires a peer of @babel/core@^7.13.0 but none is installed. You must install peer dependencies yourself.
npm WARN tsutils@3.21.0 requires a peer of typescript@>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta but none is installed. You must install peer
dependencies yourself.
+ react-scripts@4.0.3
added 1839 packages from 659 contributors and audited 1994 packages in 57.301s
139 packages are looking for funding
run `npm fund` for details
found 79 moderate severity vulnerabilities
run `npm audit fix` to fix them, or `npm audit` for details
npm audit fix 对我没有任何作用。问题:如何在不安装低于 8.2.10 的 postcss 的情况下安装 react-scripts?
最佳答案
我通过更好的 npm 审计暂时为自己解决了这个问题。 better npm audit
您必须在顶层创建一些 .nsprc 文件并根据示例(编号 1693)添加异常。将审计命令放入 package.json 并可能更改构建脚本(您应该使用“npm run audit”而不是“npm audit”)。
这并没有解决原始问题,但至少构建不再失败。
关于node.js - 在没有 postcss 的情况下安装 react-scripts,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/67479218/