How to fix NPM package Tar, with high vulnerability about Arbitrary File Overwrite, when package is up to date?

Backend · Unresolved · 4 · 1626
眼角桃花 2021-02-01 14:19

I just installed Flickity from NPM and got an NPM Audit Security Report after running npm audit stating that I have a high vulnerability issue regarding Arbitra

4 answers
  •  猫巷女王i
    2021-02-01 15:01

    From the SASS GitHub issue: open package-lock.json, find "tar", which should look like this:

    "version": "2.2.1",
    "resolved": "https://registry.npmjs.org/tar/-/tar-2.2.1.tgz",
    "integrity": "sha1-jk0qJWwOIYXGsYrWlK7JaLg8sdE=",
    

    Replace those 3 lines with:

    "version": "4.4.8",
    "resolved": "https://registry.npmjs.org/tar/-/tar-4.4.8.tgz",
    "integrity": "sha512-LzHF64s5chPQQS0IYBn9IN5h3i98c12bo4NCO7e0sGM2llXQ3p2FGC5sdENN4cTW48O915Sh+x+EXx7XW96xYQ==",
    

    delete the folder node_modules\npm, then run:

    npm i
    npm audit fix
    npm audit
    

    Tada!
