当我使用 npx create-react-app my-app 创建 react 项目>它向我显示一个错误:
发现 1 个低严重性漏洞运行
npm audit fix来修复它们,或npm audit了解详细信息。
我试图使用 npm 审计修复程序解决此问题,但它不起作用。
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Low Prototype Pollution
Package yargs-parser
Patched in >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2
Dependency of react-scripts
Path react-scripts > webpack-dev-server > yargs > yargs-parser
More info https://npmjs.com/advisories/1500
found 1 low severity vulnerability in 1618 scanned packages
1 vulnerability requires manual review. See the full report for details.
这些低安全性漏洞不应该阻止你,这在 npm 生态系统中有点"正常"。在创建 React App 的上下文中,这不是一个真正的"漏洞",因为它会产生静态捆绑包,但如果你恢复你的依赖项,它应该会消失。
npm --depth 999 update set-value && npm --depth 999 update mixin-deep