Node.js 节点模块';更新或安装后是否不会更新的依赖项?
我想在我的应用程序中使用Node.js 节点模块';更新或安装后是否不会更新的依赖项?,node.js,npm,highcharts,Node.js,Npm,Highcharts,我想在我的应用程序中使用react highcharts。我使用了npm install react highcharts,成功地发出了警告: found 1 high severity vulnerability, run `npm audit fix` to fix them, or `npm audit` for details. npm审计修复什么也没做;它说我必须手动修复这个问题。我运行了npm审计,查看发生了什么,并得到了 === np
react highcharts
。我使用了npm install react highcharts
,成功地发出了警告:
found 1 high severity vulnerability, run `npm audit fix` to fix them, or `npm audit` for details.
npm审计修复
什么也没做;它说我必须手动修复这个问题。我运行了npm审计
,查看发生了什么,并得到了
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Cross-Site Scripting │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ highcharts │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=7.2.2 <8.0.0 || >=8.1.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-highcharts │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ react-highcharts > highcharts │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1227 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 high severity vulnerability in 994 scanned packages
1 vulnerability requires manual review. See the full report for details.
“如果它以ok结尾就行了,”但是你看:
❯ npm list highcharts
myproj@1.0.0 /Users/actinidia/myproj
└─┬ react-highcharts@16.1.0
└── highcharts@6.2.0
我还有highcharts@6.2.0
!运行npm install highcharts
只会得到highcharts的第二个副本,尽管新版本实际上是9.0.0版:
├── highcharts@9.0.0
└─┬ react-highcharts@16.1.0
└── highcharts@6.2.0
如何更新
react highcharts
将使用的依赖项?您应该先卸载highcharts,然后重新安装
npm uninstall react-highcharts
npm install react-highcharts
删除已安装的:node_模块和package-lock.json 修改package.json格式,如下所示 npm审核修复-强制 npm安装我遵循并安装了官方支持的Highcharts包装器。这很容易
❯ npm install highcharts-react-official
npm WARN highcharts-react-official@3.0.0 requires a peer of highcharts@>=6.0.0
but none is installed. You must install peer dependencies yourself.
+ highcharts-react-official@3.0.0
added 1 package and audited 992 packages in 4.48s
❯ npm install highcharts
+ highcharts@9.0.0
added 1 package from 1 contributor and audited 993 packages in 4.978s
这将产生两份highcharts(9.0.0和6.2.0);请参阅我文章的底部了解我的意思。然后,您应该在不使用highcharts的情况下修改package.json文件,并使用force命令安装npm。Hi@actinidia,我建议您使用官方支持的highcharts包装器:
❯ npm install highcharts-react-official
npm WARN highcharts-react-official@3.0.0 requires a peer of highcharts@>=6.0.0
but none is installed. You must install peer dependencies yourself.
+ highcharts-react-official@3.0.0
added 1 package and audited 992 packages in 4.48s
❯ npm install highcharts
+ highcharts@9.0.0
added 1 package from 1 contributor and audited 993 packages in 4.978s