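I have an app in React Native, and when I run npm install I get this error: "found 15 vulnerabilities (5 moderate, 10 high) in 1182 scanned packages". After running npm audit, most of the errors contain something like this: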
High Prototype Pollution in set-value
Package set-value
Patched in >=4.0.1
Dependency of react-native
Path react-native > @react-native-community/cli > @react-native-community/cli-plugin-metro > metro-config > metro-core > jest-haste-map > sane > anymatch > micromatch > braces > snapdragon > base > cache-base > set-value
More info https://github.com/advisories/GHSA-4jqc-8m5r-9rpr
Can anyone help me solve these?
Moderate Inefficient Regular Expression Complexity in chalk/ansi-regex
Package ansi-regex
Patched in >=5.0.1
Dependency of react-native
Path react-native > @react-native-community/cli > strip-ansi > ansi-regex
More info https://github.com/advisories/GHSA-93q8-gq69-wqmw
Regarding Moderate Inefficient Regular Expression Complexity in chalk/ansi-regex, see Qix's comments on the following thread: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
tldr: sanitize user input before it reaches the API, if you can.
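
As an added example (not part of the original answer and not code from either package), this is one way to sanitize untrusted input before it reaches a set-value style deep setter or an ANSI-stripping regex, which goes beyond the answer's ansi-regex case to cover both findings. The function names, the limits and the simplified CSI pattern are assumptions.

```javascript
// Added example: guards placed in front of the two kinds of API flagged above.
// Names, limits and the simplified pattern are assumptions, not package code.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const MAX_PATH_SEGMENTS = 16; // assumed limit
const MAX_TEXT_LENGTH = 4096; // assumed limit

// Validate an untrusted dotted key path before it reaches a
// set(obj, path, value) style helper.
function checkedPath(path) {
  if (typeof path !== 'string' || path.length === 0) {
    throw new TypeError('path must be a non-empty string');
  }
  const segments = path.split('.');
  if (segments.length > MAX_PATH_SEGMENTS) throw new RangeError('path too deep');
  for (const s of segments) {
    if (s === '' || FORBIDDEN_KEYS.has(s)) {
      throw new Error(`rejected path segment: "${s}"`);
    }
  }
  return segments;
}

// Minimal stand-in for a deep setter (hypothetical, not the set-value package).
function guardedSet(target, path, value) {
  const segments = checkedPath(path);
  let node = target;
  for (const key of segments.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(node, key);
    // Only descend into own, non-null objects; never walk inherited members.
    if (!own || typeof node[key] !== 'object' || node[key] === null) node[key] = {};
    node = node[key];
  }
  node[segments[segments.length - 1]] = value;
  return target;
}

// Simplified CSI matcher (assumption; not the pattern shipped by ansi-regex).
const SIMPLE_CSI = /\u001B\[[0-9;]*[A-Za-z]/g;

// Cap the length of untrusted text before any regex sees it, so the
// worst-case matching time is bounded regardless of the pattern used.
function guardedStripAnsi(text) {
  if (typeof text !== 'string') throw new TypeError('text must be a string');
  if (text.length > MAX_TEXT_LENGTH) throw new RangeError('text too long');
  return text.replace(SIMPLE_CSI, '');
}
```

Guards like these limit exposure while the transitive dependencies are still below the patched versions shown in the audit output (set-value >=4.0.1, ansi-regex >=5.0.1).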