Laravel 8 Jetstream with Livewire: Node vulnerabilities when running npm install



I installed Laravel 8 with Jetstream and Livewire using Sail.

When I ran npm install, the command printed this on screen:

99 packages are looking for funding
run `npm fund` for details
34 moderate severity vulnerabilities

So I ran the command npm audit:

postcss  7.0.0 - 8.2.9
Severity: moderate
Regular Expression Denial of Service - https://npmjs.com/advisories/1693
fix available via `npm audit fix --force`
Will install laravel-mix@5.0.9, which is a breaking change
node_modules/@types/cssnano/node_modules/postcss
node_modules/css-declaration-sorter/node_modules/postcss
node_modules/cssnano-preset-default/node_modules/postcss
node_modules/cssnano-util-raw-cache/node_modules/postcss
node_modules/cssnano/node_modules/postcss
node_modules/postcss-calc/node_modules/postcss
node_modules/postcss-colormin/node_modules/postcss
node_modules/postcss-convert-values/node_modules/postcss
node_modules/postcss-discard-comments/node_modules/postcss
node_modules/postcss-discard-duplicates/node_modules/postcss
node_modules/postcss-discard-empty/node_modules/postcss
node_modules/postcss-discard-overridden/node_modules/postcss
node_modules/postcss-merge-longhand/node_modules/postcss
node_modules/postcss-merge-rules/node_modules/postcss
node_modules/postcss-minify-font-values/node_modules/postcss
node_modules/postcss-minify-gradients/node_modules/postcss
node_modules/postcss-minify-params/node_modules/postcss
node_modules/postcss-minify-selectors/node_modules/postcss
node_modules/postcss-normalize-charset/node_modules/postcss
node_modules/postcss-normalize-display-values/node_modules/postcss
node_modules/postcss-normalize-positions/node_modules/postcss
node_modules/postcss-normalize-repeat-style/node_modules/postcss
node_modules/postcss-normalize-string/node_modules/postcss
node_modules/postcss-normalize-timing-functions/node_modules/postcss
node_modules/postcss-normalize-unicode/node_modules/postcss
node_modules/postcss-normalize-url/node_modules/postcss
node_modules/postcss-normalize-whitespace/node_modules/postcss
node_modules/postcss-ordered-values/node_modules/postcss
node_modules/postcss-reduce-initial/node_modules/postcss
node_modules/postcss-reduce-transforms/node_modules/postcss
node_modules/postcss-svgo/node_modules/postcss
node_modules/postcss-unique-selectors/node_modules/postcss
node_modules/stylehacks/node_modules/postcss
css-declaration-sorter  4.0.0 - 5.1.2
Depends on vulnerable versions of postcss
node_modules/css-declaration-sorter
cssnano  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.1.1 - 4.1.11
Depends on vulnerable versions of postcss
node_modules/cssnano
laravel-mix  5.0.8 || >=6.0.0-alpha.0
Depends on vulnerable versions of cssnano
node_modules/laravel-mix
cssnano-preset-default  <=4.0.0-rc.2 || 4.0.1 - 4.0.8
Depends on vulnerable versions of cssnano-util-raw-cache
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-minify-gradients
node_modules/cssnano-preset-default
cssnano-util-raw-cache  >=4.0.1
Depends on vulnerable versions of postcss
node_modules/cssnano-util-raw-cache
postcss-calc  6.0.2 - 7.0.5
Depends on vulnerable versions of postcss
node_modules/postcss-calc
postcss-colormin  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.2 - 4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-colormin
postcss-convert-values  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-convert-values
postcss-discard-comments  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-comments
postcss-discard-duplicates  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-duplicates
postcss-discard-empty  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-empty
postcss-discard-overridden  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-overridden
postcss-merge-longhand  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.6 - 4.0.11
Depends on vulnerable versions of postcss
node_modules/postcss-merge-longhand
postcss-merge-rules  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.2 - 4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-merge-rules
postcss-minify-font-values  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-font-values
postcss-minify-gradients  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-gradients
postcss-minify-params  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-params
postcss-minify-selectors  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-selectors
postcss-normalize-charset  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-charset
postcss-normalize-display-values  <=4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-display-values
postcss-normalize-positions  <=4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-positions
postcss-normalize-repeat-style  <=4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-repeat-style
postcss-normalize-string  <=4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-string
postcss-normalize-timing-functions  <=4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-timing-functions
postcss-normalize-unicode  <=4.0.0-rc.2 || 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-unicode
postcss-normalize-url  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-url
postcss-normalize-whitespace  <=4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-whitespace
postcss-ordered-values  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.1.1 - 4.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-ordered-values
postcss-reduce-initial  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.2 - 4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-initial
postcss-reduce-transforms  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-transforms
postcss-svgo  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1 - 4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-svgo
postcss-unique-selectors  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-unique-selectors
stylehacks  4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1 - 4.0.3
Depends on vulnerable versions of postcss
node_modules/stylehacks

Searching the GitHub issues of laravel-mix, I saw an update in laravel-mix regarding cssnano, which depends on postcss.

I tried running npm update and npm upgrade.

But when I open the package.json in node_modules/laravel-mix/package.json, its contents differ from the one on GitHub (Laravel Mix). My local file has an old version of cssnano and missing files, but the laravel-mix version is correct.

{
  "name": "laravel-mix",
  "version": "6.0.19",
  "description": "The power of webpack, distilled for the rest of us.",
  "main": "src/index.js",
  "types": "types/index.d.ts",
  "scripts": {
    "mix": "./bin/cli.js",
    "test": "ava --verbose --serial --timeout=30s",
    "eslint": "eslint setup/ src/ test/ --max-warnings=0"
  },
  "husky": {
    "hooks": {
      "pre-commit": "pretty-quick --staged"
    }
  },
  "ava": {
    "require": [
      "esm"
    ]
  },
  "bin": {
    "mix": "./bin/cli.js",
    "laravel-mix": "./bin/cli.js"
  },
  "repository": "JeffreyWay/laravel-mix",
  "bugs": {
    "url": "https://github.com/JeffreyWay/laravel-mix/issues"
  },
  "homepage": "https://github.com/JeffreyWay/laravel-mix#readme",
  "keywords": [
    "laravel",
    "webpack",
    "laravel elixir",
    "laravel mix"
  ],
  "author": "Jeffrey Way",
  "license": "MIT",
  "files": [
    "icons",
    "setup",
    "src",
    "types"
  ],
  "dependencies": {
    "@babel/core": "^7.12.3",
    "@babel/plugin-proposal-object-rest-spread": "^7.12.1",
    "@babel/plugin-syntax-dynamic-import": "^7.8.3",
    "@babel/plugin-transform-runtime": "^7.12.1",
    "@babel/preset-env": "^7.12.1",
    "@babel/runtime": "^7.12.1",
    "@types/babel__core": "^7.1.12",
    "@types/browser-sync": "^2.26.1",
    "@types/clean-css": "^4.2.2",
    "@types/cssnano": "^4.0.0",
    "@types/imagemin-gifsicle": "^7.0.0",
    "@types/imagemin-mozjpeg": "^8.0.0",
    "@types/imagemin-optipng": "^5.2.0",
    "@types/imagemin-svgo": "^8.0.0",
    "autoprefixer": "^10.0.1",
    "babel-loader": "^8.1.0",
    "chalk": "^4.1.0",
    "chokidar": "^3.4.3",
    "clean-css": "^4.2.3 || ^5.1.1",
    "cli-table3": "^0.6.0",
    "collect.js": "^4.28.4",
    "commander": "^7.1.0",
    "concat": "^1.0.3",
    "css-loader": "^5.0.0",
    "cssnano": "^4.1.11",
    "dotenv": "^8.2.0",
    "dotenv-expand": "^5.1.0",
    "file-loader": "^6.1.1",
    "fs-extra": "^9.0.1",
    "glob": "^7.1.6",
    "html-loader": "^1.3.2",
    "imagemin": "^7.0.1",
    "img-loader": "^3.0.2",
    "lodash": "^4.17.20",
    "md5": "^2.3.0",
    "mini-css-extract-plugin": "^1.1.0",
    "node-libs-browser": "^2.2.1",
    "postcss-load-config": "^3.0.0",
    "postcss-loader": "^5.2.0",
    "semver": "^7.3.4",
    "strip-ansi": "^6.0.0",
    "style-loader": "^2.0.0",
    "terser": "^5.3.7",
    "terser-webpack-plugin": "^5.0.0",
    "vue-style-loader": "^4.1.3",
    "webpack": "^5.25.1",
    "webpack-cli": "^4.1.0",
    "webpack-dev-server": "4.0.0-beta.2",
    "webpack-merge": "^5.2.0",
    "webpack-notifier": "^1.8.0",
    "webpackbar": "^5.0.0-3",
    "yargs": "^16.1.0"
  },
  "devDependencies": {
    "@babel/eslint-parser": "^7.12.1",
    "@babel/plugin-proposal-class-properties": "^7.12.1",
    "@babel/preset-react": "^7.12.1",
    "@pmmmwh/react-refresh-webpack-plugin": "^0.5.0-beta.0",
    "@types/fs-extra": "^9.0.8",
    "@types/koa": "^2.13.1",
    "@types/koa-static": "^4.0.1",
    "@types/lodash": "^4.14.168",
    "@types/mock-require": "^2.0.0",
    "@types/react": "^17.0.0",
    "@types/react-dom": "^17.0.0",
    "@types/semver": "^7.3.4",
    "@types/sinon": "^9.0.11",
    "@vue/compiler-sfc": "^3.0.1",
    "ava": "^3.13.0",
    "browserslist": "^4.16.0",
    "coffee-loader": "^2.0.0",
    "coffeescript": "^2.5.1",
    "core-js": "^3.6.5",
    "eol": "^0.9.1",
    "eslint": "^7.11.0",
    "esm": "^3.2.25",
    "husky": "^4.3.0",
    "koa": "^2.13.0",
    "koa-static": "^5.0.0",
    "less": "^3.12.2 || ^4.0.0",
    "less-loader": "^8.0.0",
    "mock-require": "^3.0.3",
    "normalize.css": "^8.0.1",
    "playwright": "^1.10.0",
    "postcss": "^8.1.2",
    "postcss-custom-properties": "^11.0.0",
    "prettier": "^2.2.1",
    "pretty-quick": "^3.1.0",
    "react": "^17.0.1",
    "react-dom": "^17.0.1",
    "react-refresh": "^0.9.0",
    "resolve-url-loader": "^3.1.1",
    "sass": "^1.27.0",
    "sass-loader": "^11.0.1",
    "sass-resources-loader": "^2.1.1",
    "sinon": "^9.2.0",
    "stylus": "^0.54.8",
    "stylus-loader": "^5.0.0",
    "temp-sandbox": "^4.0.1",
    "ts-loader": "^8.0.18",
    "typescript": "^4.2.3",
    "vue-loader15": "npm:vue-loader@^15.9.1",
    "vue-loader16": "npm:vue-loader@^16.1.0",
    "vue-template-compiler": "^2.6.12",
    "vue2": "npm:vue@^2.6.12",
    "vue3": "npm:vue@^3.0.1"
  },
  "peerDependencies": {
    "postcss": "^8.1.2"
  },
  "engines": {
    "node": ">=12.14.0"
  }
}

Additional information about postcss (output of npm ls postcss):

html@ /var/www/html
+-- laravel-mix@6.0.19
| +-- @types/cssnano@4.0.0
| | `-- postcss@7.0.35
| +-- autoprefixer@10.2.6
| | `-- postcss@8.3.0 deduped
| +-- css-loader@5.2.6
| | +-- icss-utils@5.1.0
| | | `-- postcss@8.3.0 deduped
| | +-- postcss-modules-extract-imports@3.0.0
| | | `-- postcss@8.3.0 deduped
| | +-- postcss-modules-local-by-default@4.0.0
| | | `-- postcss@8.3.0 deduped
| | +-- postcss-modules-scope@3.0.0
| | | `-- postcss@8.3.0 deduped
| | +-- postcss-modules-values@4.0.0
| | | `-- postcss@8.3.0 deduped
| | `-- postcss@8.3.0 deduped
| +-- cssnano@4.1.11
| | +-- cssnano-preset-default@4.0.8
| | | +-- css-declaration-sorter@4.0.1
| | | | `-- postcss@7.0.35
| | | +-- cssnano-util-raw-cache@4.0.1
| | | | `-- postcss@7.0.35
| | | +-- postcss-calc@7.0.5
| | | | `-- postcss@7.0.35
| | | +-- postcss-colormin@4.0.3
| | | | `-- postcss@7.0.35
| | | +-- postcss-convert-values@4.0.1
| | | | `-- postcss@7.0.35
| | | +-- postcss-discard-comments@4.0.2
| | | | `-- postcss@7.0.35
| | | +-- postcss-discard-duplicates@4.0.2
| | | | `-- postcss@7.0.35
| | | +-- postcss-discard-empty@4.0.1
| | | | `-- postcss@7.0.35
| | | +-- postcss-discard-overridden@4.0.1
| | | | `-- postcss@7.0.35
| | | +-- postcss-merge-longhand@4.0.11
| | | | +-- postcss@7.0.35
| | | | `-- stylehacks@4.0.3
| | | |   `-- postcss@7.0.35
| | | +-- postcss-merge-rules@4.0.3
| | | | `-- postcss@7.0.35
| | | +-- postcss-minify-font-values@4.0.2
| | | | `-- postcss@7.0.35
| | | +-- postcss-minify-gradients@4.0.2
| | | | `-- postcss@7.0.35
| | | +-- postcss-minify-params@4.0.2
| | | | `-- postcss@7.0.35
| | | +-- postcss-minify-selectors@4.0.2
| | | | `-- postcss@7.0.35
| | | +-- postcss-normalize-charset@4.0.1
| | | | `-- postcss@7.0.35
| | | +-- postcss-normalize-display-values@4.0.2
| | | | `-- postcss@7.0.35
| | | +-- postcss-normalize-positions@4.0.2
| | | | `-- postcss@7.0.35
| | | +-- postcss-normalize-repeat-style@4.0.2
| | | | `-- postcss@7.0.35
| | | +-- postcss-normalize-string@4.0.2
| | | | `-- postcss@7.0.35
| | | +-- postcss-normalize-timing-functions@4.0.2
| | | | `-- postcss@7.0.35
| | | +-- postcss-normalize-unicode@4.0.1
| | | | `-- postcss@7.0.35
| | | +-- postcss-normalize-url@4.0.1
| | | | `-- postcss@7.0.35
| | | +-- postcss-normalize-whitespace@4.0.2
| | | | `-- postcss@7.0.35
| | | +-- postcss-ordered-values@4.1.2
| | | | `-- postcss@7.0.35
| | | +-- postcss-reduce-initial@4.0.3
| | | | `-- postcss@7.0.35
| | | +-- postcss-reduce-transforms@4.0.2
| | | | `-- postcss@7.0.35
| | | +-- postcss-svgo@4.0.3
| | | | `-- postcss@7.0.35
| | | +-- postcss-unique-selectors@4.0.1
| | | | `-- postcss@7.0.35
| | | `-- postcss@7.0.35
| | `-- postcss@7.0.35
| +-- postcss-loader@5.3.0
| | `-- postcss@8.3.0 deduped
| `-- postcss@8.3.0 deduped
+-- postcss-import@14.0.2
| `-- postcss@8.3.0 deduped
+-- postcss@8.3.0
`-- tailwindcss@2.1.4
+-- @fullhuman/postcss-purgecss@3.1.3
| `-- purgecss@3.1.3
|   `-- postcss@8.3.0 deduped
+-- postcss-functions@3.0.0
| `-- postcss@6.0.23
+-- postcss-js@3.0.3
| `-- postcss@8.3.0 deduped
+-- postcss-nested@5.0.5
| `-- postcss@8.3.0 deduped
`-- postcss@8.3.0 deduped

I don't know what to do, I need help.
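The audit output above lists some thirty paths, but the npm ls tree shows they are all the same thing: nested copies of postcss@7.0.35 that cssnano 4.x (and @types/cssnano) pull in underneath laravel-mix, while the project root already has postcss@8.3.0. That is why npm audit fix --force offers a downgrade of laravel-mix rather than a simple bump of postcss. The script below is an added example, not code from the question or from laravel-mix: it walks an npm ls --json-style tree (the tree here is constructed by hand as a subset of the question's output, with the question's version numbers) and reports every copy of a package that falls inside a vulnerable range, together with the direct dependency responsible for it. The range 7.0.0 - 8.2.9 is the one the audit quotes for advisory 1693; the semver helper is deliberately minimal and ignores pre-release tags.

```javascript
// Added example (not from the original question): trace each vulnerable copy of a
// package in an `npm ls --json`-style tree back to the direct dependency that pulls
// it in. The tree and the range are taken from the question's output; the tree
// is a hand-constructed subset of it.

// Minimal "x.y.z" comparison; pre-release suffixes are not handled here (assumption).
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Inclusive range check, e.g. isInRange('7.0.35', '7.0.0', '8.2.9') is true.
function isInRange(version, low, high) {
  return compareVersions(version, low) >= 0 && compareVersions(version, high) <= 0;
}

// Recursively collect every occurrence of `name` whose version lies in [low, high].
// Each node has the shape { version, dependencies: { <name>: node, ... } }.
function findVulnerable(node, name, low, high, path = [], hits = []) {
  for (const [dep, child] of Object.entries(node.dependencies || {})) {
    const here = [...path, `${dep}@${child.version}`];
    if (dep === name && isInRange(child.version, low, high)) {
      hits.push({ version: child.version, path: here.join(' > ') });
    }
    findVulnerable(child, name, low, high, here, hits);
  }
  return hits;
}

// Constructed tree mirroring part of the question's `npm ls postcss` output.
const tree = {
  version: '1.0.0',
  dependencies: {
    'laravel-mix': {
      version: '6.0.19',
      dependencies: {
        '@types/cssnano': { version: '4.0.0', dependencies: { postcss: { version: '7.0.35' } } },
        autoprefixer: { version: '10.2.6', dependencies: { postcss: { version: '8.3.0' } } },
        cssnano: {
          version: '4.1.11',
          dependencies: {
            'cssnano-preset-default': {
              version: '4.0.8',
              dependencies: {
                'postcss-calc': { version: '7.0.5', dependencies: { postcss: { version: '7.0.35' } } },
                postcss: { version: '7.0.35' },
              },
            },
            postcss: { version: '7.0.35' },
          },
        },
        postcss: { version: '8.3.0' },
      },
    },
    postcss: { version: '8.3.0' },
  },
};

// Vulnerable range quoted by the audit for advisory 1693 (ReDoS in postcss).
const VULN_LOW = '7.0.0';
const VULN_HIGH = '8.2.9';

function vulnerablePostcssCopies() {
  return findVulnerable(tree, 'postcss', VULN_LOW, VULN_HIGH);
}

// The direct dependencies of the project that own each vulnerable copy: these are
// the packages that have to be upgraded or replaced, not postcss itself.
function rootCauses() {
  const roots = new Set(vulnerablePostcssCopies().map(h => h.path.split(' > ')[0]));
  return [...roots];
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const hit of vulnerablePostcssCopies()) console.log(`${hit.version}: ${hit.path}`);
  console.log('Direct dependencies responsible:', rootCauses().join(', '));
}
```

Run against the constructed tree it reports four copies of postcss@7.0.35, every one of them under laravel-mix@6.0.19, and none at the root, which matches the "deduped" 8.3.0 entries in the question's tree. On a real project you would feed it the object from npm ls postcss --json instead of the constructed tree.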

To solve the problem, just force the npm install from GitHub:

npm install https://github.com/JeffreyWay/laravel-mix#master
