Running suggested command doesn't fix NPM Vulnerability

我只是一个虾纸丫 提交于 2019-12-04 22:42:54

This worked for me on MacOS:

  • Update NPM to the new 6.1.0. It introduces a 'npm audit fix' command, more info here.
  • Run 'npm audit fix'.

When you run 'npm audit' again, the only vulnerabilities left should be "Manual Review" issues.

This seems to be a bug in npm 6.0.1 related to handling of optional dependencies: https://github.com/npm/npm/issues/20577

Source: https://github.com/npm/npm/issues/20675. One fsevents issue may do with the fact that

fsevents can't be installed on windows, so you will have to update it on a macOS machine.

That's a bit strange, since looking at exhnozoaa's solution, as of this date seems to imply otherwise:

I was able to work around this on Windows with the following steps.

  1. Open package-lock.json in an editor.
  2. Search for "fsevents". Find the one that is an object directly under "dependencies".
  3. Delete "fsevents" (the key and the whole object).
  4. From the terminal, run npm install.

This should regenerate that section with the latest version that is compatible with the other packages. I don't really think this is a good way to fix it, but it is one that worked for me.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!