问题
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Remote Code Execution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ serialize-javascript │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.1.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @ionic/angular-toolkit [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @ionic/angular-toolkit > copy-webpack-plugin > │
│ │ serialize-javascript │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1548 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 2 vulnerabilities (1 low, 1 high) in 1493 scanned packages
1 vulnerability requires semver-major dependency updates.
1 vulnerability requires manual review. See the full report for details.
when I am starting new project with ionic start
, I am getting this error.
how can I fix it ? Thanks all of you.
my ionic information is here
Ionic CLI : 6.11.0 (/usr/local/lib/node_modules/@ionic/cli)
Ionic Framework : @ionic/angular 5.3.1
@angular-devkit/build-angular : 0.901.12
@angular-devkit/schematics : 9.1.12
@angular/cli : 9.1.12
@ionic/angular-toolkit : 2.3.0
回答1:
From https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities
To find the package that must be updated, check the “Path” field for the location of the package with the vulnerability, then check for the package that depends on it. For example, if the path to the vulnerability is @package-name > dependent-package > package-with-vulnerability, you will need to update dependent-package.
It looks that you need to update https://www.npmjs.com/package/copy-webpack-plugin
回答2:
npm i @ionic/angular-toolkit
2.3.1 of Angular toolkit is released!
来源:https://stackoverflow.com/questions/63376428/remote-code-execution-error-when-ionic-start-project