How to fix the npm audit report



I ran the npm audit command:

    === npm audit security report ===

    Manual Review
    Some vulnerabilities require your attention to resolve
    Visit https://go.npm.me/audit-guide for additional guidance

    High          │ Arbitrary File Overwrite
    Package       │ tar
    Patched in    │ >=4.4.2
    Dependency of │ @angular-devkit/build-angular [dev]
    Path          │ @angular-devkit/build-angular > node-sass > node-gyp >tar
    More info     │ https://nodesecurity.io/advisories/803

It says `found 1 high severity vulnerability in 42611 scanned packages 1 vulnerability requires manual review`. It is related to @angular-devkit/build-angular, and I am afraid it may create other problems in my project.

When I ran the npm audit fix command:

    npm WARN optional SKIPPING OPTIONAL 
    DEPENDENCY:fsevents@1.2.9 (node_modules/fsevents):
    npm WARN notsup SKIPPING OPTIONAL 
    DEPENDENCY:Unsupported platform for 
    fsevents@1.2.9: wanted {"os":"darwin","arch":"any"} 
    (current: {"os":"linux","arch":"x64"})

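So how can this be fixed on any system running Linux? Let's consider ignoring the above npm audit fix result, since it is in some way only a warning. But the npm audit result is considered a high severity vulnerability. How do I resolve this issue?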

Angular CLI version:

      Angular CLI: 7.3.8
      Node: 10.0.0
      OS: linux x64
      Angular: 7.2.14
      ... animations, common, compiler, compiler-cli, core, forms
      ... language-service, platform-browser, platform-browser-dynamic
      ... router
      Package                           Version
      -----------------------------------------------------------
      @angular-devkit/architect         0.13.8
      @angular-devkit/build-angular     0.13.8
      @angular-devkit/build-optimizer   0.13.8
      @angular-devkit/build-webpack     0.13.8
      @angular-devkit/core              7.3.8
      @angular-devkit/schematics        7.3.8
      @angular/cli                      7.3.8
      @ngtools/webpack                  7.3.8
      @schematics/angular               7.3.8
      @schematics/update                0.13.8
      rxjs                              6.3.3
      typescript                        3.2.4
      webpack                           4.29.0

Help me resolve this issue. Thanks.

This vulnerability has been fixed.

Delete node_modules and package-lock.json, then run the commands:

  1. npm install
  2. npm audit
  3. npm audit fix
  4. npm audit

`Found 0 vulnerabilities` will appear, and the problem is solved.

I had this too. This is what I did to fix the audit.

The problem is tar, which is a dependency of node-gyp.

The solution is here: https://github.com/sass/node-sass/issues/2625. Do what "Mohsenari" suggested. It worked for me.

As for the unsupported optional dependency, that is another story, but it is just a warning, no big deal.

It happens because fsevents is an optional dependency, used only when the project runs in a macOS environment (the package provides 'Native access to Mac OS-X FSEvents').

Source: npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.0.0.14
