每次我用npx create-react-app <AppName>创建react应用程序时,我得到:
96 vulnerabilities found - Packages audited: 1682
Severity: 65 Moderate | 30 High | 1 Critical
Node Version: v14.18.1
Npm: 7.20.5
React: ^17.0.2
当我使用npm audit fix或npm audit fix --force时,结果如下:
68 vulnerabilities (21 moderate, 45 high, 2 critical)
47 vulnerabilities (12 low, 18 moderate, 15 high, 2 critical)
58 vulnerabilities (16 moderate, 40 high, 2 critical)
48 vulnerabilities (12 low, 18 moderate, 16 high, 2 critical)
58 vulnerabilities (16 moderate, 40 high, 2 critical)
这里是审计细节:文本文件链接我做错了什么?
这是一个NPM Bug。请参阅此处查看更详细的解释。您只需要将react-scripts放在dev依赖项中,就像这样
"dependencies": {
"react": "^17.0.2",
"react-dom": "^17.0.2",
},
"devDependencies": {
"react-scripts": "4.0.3"
},
这个问题已经在GitHub上解决了。https://github.com/facebook/create-react-app/issues/11174如果你真的想审计,请使用npm audit --production。