Node.js: npm audit fix --force increases the number of vulnerabilities. How can I fix them?
This is a Gatsby static site hosted on AWS S3 and CloudFront. It was built from an old template, so I had to manually update a lot of dependencies, including Gatsby from v2 to v3. The site works fine, but I am sure npm found 9 vulnerabilities (4 low, 5 high). However, when I run npm audit fix --force, the number of vulnerabilities increases to 27 (22 low, 5 high). If I run it again, it reverts.
The npm audit report includes:
mem <4.0.0
Denial of Service - https://npmjs.com/advisories/1084
fix available via `npm audit fix --force`
Will install gatsby-plugin-s3@0.2.4, which is a breaking change
node_modules/mem
in-gfw *
Depends on vulnerable versions of mem
node_modules/in-gfw
git-win >=1.5.6
Depends on vulnerable versions of in-gfw
node_modules/git-win
fs-posix >=4.0.0
Depends on vulnerable versions of git-win
node_modules/fs-posix
gatsby-plugin-s3 >=0.2.5
Depends on vulnerable versions of fs-posix
Depends on vulnerable versions of proxy-agent
node_modules/gatsby-plugin-s3
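I also tried installing the latest versions of some plugins/modules, such as gatsby-plugin-s3, but that did not change the status.
If npm audit fix --force cannot fix these vulnerabilities, how can I fix them?
Even though I am using Gatsby, I am not using an API; it may also be useful to know that everything is inside the project.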
netmask <2.0.1
Severity: high
netmask npm package vulnerable to octal input data - https://npmjs.com/advisories/1658
fix available via `npm audit fix --force`
Will install gatsby-plugin-s3@0.2.4, which is a breaking change
node_modules/pac-resolver/node_modules/netmask
pac-resolver <=4.1.0
Depends on vulnerable versions of netmask
node_modules/pac-resolver
pac-proxy-agent <=3.0.1
Depends on vulnerable versions of pac-resolver
node_modules/pac-proxy-agent
proxy-agent 1.1.0 - 3.1.1
Depends on vulnerable versions of pac-proxy-agent
node_modules/proxy-agent
gatsby-plugin-s3 >=0.2.5
Depends on vulnerable versions of fs-posix
Depends on vulnerable versions of proxy-agent
node_modules/gatsby-plugin-s3
9 vulnerabilities (4 low, 5 high)
To address all issues (including breaking changes), run:
npm audit fix --force
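An added example, not part of the original question: a Node.js script that reads the dependency chains in the audit text quoted above and reports which flagged package each advisory is ultimately pulled in through. The function names `parseAudit` and `advisoriesByRoot` are assumptions made for this illustration, and the embedded report is an abridged copy of the question's output.

```javascript
// Added example. REPORT: lines copied from the question's audit output (advisory, "Depends on" and path lines only).
const REPORT = `
Denial of Service - https://npmjs.com/advisories/1084
node_modules/mem
Depends on vulnerable versions of mem
node_modules/in-gfw
Depends on vulnerable versions of in-gfw
node_modules/git-win
Depends on vulnerable versions of git-win
node_modules/fs-posix
netmask npm package vulnerable to octal input data - https://npmjs.com/advisories/1658
node_modules/pac-resolver/node_modules/netmask
Depends on vulnerable versions of netmask
node_modules/pac-resolver
Depends on vulnerable versions of pac-resolver
node_modules/pac-proxy-agent
Depends on vulnerable versions of pac-proxy-agent
node_modules/proxy-agent
Depends on vulnerable versions of fs-posix
Depends on vulnerable versions of proxy-agent
node_modules/gatsby-plugin-s3
`;

// A block ends at its node_modules path; lines seen before it belong to that package.
function parseAudit(text) {
  const dependsOn = {}, advisory = {};
  let deps = [], adv = null;
  for (const line of text.split('\n').map((l) => l.trim())) {
    const m = line.match(/^Depends on vulnerable versions of (\S+)$/);
    if (m) deps.push(m[1]);
    else if (line.includes('npmjs.com/advisories/')) adv = line.split(' - ').pop();
    else if (line.startsWith('node_modules/')) {
      const pkg = line.split('node_modules/').pop(); // innermost package name
      dependsOn[pkg] = deps;
      if (adv) advisory[pkg] = adv;
      deps = []; adv = null;
    }
  }
  return { dependsOn, advisory };
}

// For each flagged package nothing else depends on, list the advisories reachable below it.
function advisoriesByRoot({ dependsOn, advisory }) {
  const children = new Set(Object.values(dependsOn).flat());
  const reach = (p) => [advisory[p], ...(dependsOn[p] || []).flatMap(reach)].filter(Boolean);
  return Object.fromEntries(Object.keys(dependsOn)
    .filter((p) => !children.has(p)).map((p) => [p, reach(p).sort()]));
}
console.log(advisoriesByRoot(parseAudit(REPORT)));
```

On this report the only root is gatsby-plugin-s3, with both advisories reached through it, which is the package the `npm audit fix --force` lines propose to change.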