Npm 新产品管理“;“减压”;包含@truffle/contract包时包任意文件写入错误
我目前正在尝试运行一个项目。当我尝试安装带有Npm 新产品管理“;“减压”;包含@truffle/contract包时包任意文件写入错误,npm,ethereum,package.json,truffle,Npm,Ethereum,Package.json,Truffle,我目前正在尝试运行一个项目。当我尝试安装带有npm install的软件包时,我发现在68482个扫描的软件包中发现了12个漏洞(8个低,4个高)。在@truffle/contract中使用的包解压似乎有问题,因为这是审计报告: High Arbitrary File Write Package decompress Patched in No patch available Dependency of @truffle/
npm install
的软件包时,我发现在68482个扫描的软件包中发现了12个漏洞(8个低,4个高)。在@truffle/contract
中使用的包解压
似乎有问题,因为这是审计报告:
High Arbitrary File Write
Package decompress
Patched in No patch available
Dependency of @truffle/contract [dev]
Path @truffle/contract > @truffle/interface-adapter > web3 >
web3-bzz > swarm-js > decompress
More info https://npmjs.com/advisories/1217
High Arbitrary File Write
Package decompress
Patched in No patch available
Dependency of @truffle/contract [dev]
Path @truffle/contract > ethereum-ens > web3 > web3-bzz >
swarm-js > decompress
More info https://npmjs.com/advisories/1217
High Arbitrary File Write
Package decompress
Patched in No patch available
Dependency of @truffle/contract [dev]
Path @truffle/contract > web3 > web3-bzz > swarm-js > decompress
More info https://npmjs.com/advisories/1217
High Arbitrary File Write
Package decompress
Patched in No patch available
Dependency of decompress [dev]
Path decompress
More info https://npmjs.com/advisories/1217
我只复制了具有高漏洞的报告部分
不幸的是,帮助链接(“”)也没有解决方案
当我包含@truffle/contract
包时,我发现解压
包有问题。这些是我的依赖项:
"dependencies": {
"@angular/animations": "9.0.7",
"@angular/common": "9.0.7",
"@angular/compiler": "9.0.7",
"@angular/compiler-cli": "9.0.7",
"@angular/core": "9.0.7",
"@angular/forms": "9.0.7",
"@angular/platform-browser": "9.0.7",
"@angular/platform-browser-dynamic": "9.0.7",
"@ionic-native/core": "5.22.0",
"@ionic-native/qr-scanner": "5.22.0",
"@ionic-native/splash-screen": "5.22.0",
"@ionic-native/status-bar": "5.22.0",
"@ionic/storage": "2.2.0",
"angular": "1.7.9",
"cordova-android": "^8.1.0",
"cordova-browser": "5.0.4",
"cordova-plugin-device": "^2.0.2",
"cordova-plugin-ionic-keyboard": "^2.1.3",
"cordova-plugin-ionic-webview": "^4.1.3",
"cordova-plugin-qrscanner": "^2.6.0",
"cordova-plugin-splashscreen": "^5.0.2",
"cordova-plugin-whitelist": "^1.3.3",
"cordova-sqlite-storage": "^2.4.0",
"node-pre-gyp": "0.14.0",
"picomatch": "2.2.1",
"rxjs": "^6.5.3",
"tslib": "1.10.0",
"zone.js": "0.10.3"
},
"devDependencies": {
"@ionic/cli": "6.3.0",
"@truffle/contract": "^4.1.13",
"@types/node": "^10.11.5",
"cordova": "^9.0.0",
"cross-env": "7.0.2",
"decompress": "^4.2.0",
"ganache-cli": "6.9.1",
"http-server": "0.12.1",
"minimist": "^1.2.5",
"superagent": "5.2.2",
"truffle": "5.1.17",
"truffle-wallet-provider": "^0.0.5",
"typescript": "3.7.3"
},
"optionalDependencies": {
"fsevents": "*"
},
有人能帮我解决这个错误吗
Elias