Remote Code Execution ERROR when ionic start project

白昼怎懂夜的黑 提交于 2020-08-26 06:16:18

问题


 === npm audit security report ===  

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Remote Code Execution                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ serialize-javascript                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.1.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @ionic/angular-toolkit [dev]                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @ionic/angular-toolkit > copy-webpack-plugin >               │
│               │ serialize-javascript                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1548                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 2 vulnerabilities (1 low, 1 high) in 1493 scanned packages
1 vulnerability requires semver-major dependency updates.
1 vulnerability requires manual review. See the full report for details.

when I am starting new project with ionic start , I am getting this error. how can I fix it ? Thanks all of you.

my ionic information is here

Ionic CLI                     : 6.11.0 (/usr/local/lib/node_modules/@ionic/cli)
   Ionic Framework               : @ionic/angular 5.3.1
   @angular-devkit/build-angular : 0.901.12
   @angular-devkit/schematics    : 9.1.12
   @angular/cli                  : 9.1.12
   @ionic/angular-toolkit        : 2.3.0

回答1:


From https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities

To find the package that must be updated, check the “Path” field for the location of the package with the vulnerability, then check for the package that depends on it. For example, if the path to the vulnerability is @package-name > dependent-package > package-with-vulnerability, you will need to update dependent-package.

It looks that you need to update https://www.npmjs.com/package/copy-webpack-plugin




回答2:


npm i @ionic/angular-toolkit

2.3.1 of Angular toolkit is released!



来源:https://stackoverflow.com/questions/63376428/remote-code-execution-error-when-ionic-start-project

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!