Angular: found 1 high severity vulnerability (Angular Material installation)
I tried to install Angular Material with npm install @angular/material --save, but the result was:
npm WARN @angular/material@7.3.7 requires a peer of @angular/cdk@7.3.7 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.9 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.9: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
+ @angular/material@7.3.7
updated 1 package and audited 42613 packages in 16.398s
found 1 high severity vulnerability
run `npm audit fix` to fix them, or `npm audit` for details
I also tried npm audit fix and got the following result:
npm WARN @angular/material@7.3.7 requires a peer of @angular/cdk@7.3.7 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.9 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.9: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
up to date in 7.989s
fixed 0 of 1 vulnerability in 42613 scanned packages
1 vulnerability required manual review and could not be updated
Then I tried npm audit, with the following result:
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
High Arbitrary File Overwrite
Package tar
Patched in >=4.4.2
Dependency of @angular-devkit/build-angular [dev]
Path @angular-devkit/build-angular > node-sass > node-gyp > tar
More info https://nodesecurity.io/advisories/803
found 1 high severity vulnerability in 42613 scanned packages
1 vulnerability requires manual review. See the full report for details.
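Why does this error occur, and how can I fix it?
A new version of tar has been released. Delete the node_modules folder and package-lock.json, then run the following commands:
npm install
npm audit
npm audit fix
npm audit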
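To confirm that regenerating the lockfile actually moved tar to a patched release, the lockfile can be inspected directly. The following is an added example, not part of the original answer: the function names and the sample lockfile are hypothetical and constructed, and the 4.4.2 threshold is taken from the "Patched in" line of the audit report above.

```javascript
// Added example: list every `tar` copy a lockfile pins below the patched
// version named in the audit report on this page (">=4.4.2").
const PATCHED = [4, 4, 2];

// True when "x.y.z" sorts below PATCHED; suffixes such as "-beta" are ignored.
function isBelowPatched(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version || '');
  if (!m) return false; // git/file/link entries are not comparable: skipped
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== PATCHED[i]) return n < PATCHED[i];
  }
  return false;
}

// Handles lockfileVersion 1 (nested "dependencies") and 2/3 ("packages" map).
function findVulnerableTar(lock, name = 'tar') {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/' + name) && isBelowPatched(meta.version)) {
        hits.push({ location: path, version: meta.version });
      }
    }
    return hits;
  }
  (function walk(deps, trail) {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = trail.concat(dep);
      if (dep === name && isBelowPatched(meta.version)) {
        hits.push({ location: here.join(' > '), version: meta.version });
      }
      walk(meta.dependencies, here);
    }
  })(lock.dependencies, []);
  return hits;
}

// Constructed sample (lockfileVersion 1 shape); all versions are made up.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'node-gyp': { version: '3.8.0', dependencies: { tar: { version: '2.2.1' } } },
    tar: { version: '4.4.8' },
  },
};

console.log(findVulnerableTar(sampleLock));
```

For a real project, pass the parsed contents of package-lock.json instead of the sample. The reported location is where the copy is installed, which can differ from the dependency chain npm audit prints when packages are hoisted.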
Just install the cdk that Material requires: npm install @angular/cdk --save
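@Swoox: + @angular/cdk@7.3.7 added 2 packages from 1 contributor and audited 42616 packages in 15.819s found 1 high severity vulnerability run `npm audit fix` to fix them, or `npm audit` for details
@Swoox: It seems the same error also occurs when installing cdk.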