Running npm install on the command line produced the following output:
added 1130 packages from 652 contributors and audited 1134 packages in 565.871s
found 657 vulnerabilities (161 low, 14 moderate, 480 high, 2 critical)
run `npm audit fix` to fix them, or `npm audit` for details

Following the hint in the console, I ran npm audit fix, which printed:
1 vulnerability required manual review and could not be updated
7 package updates for 11 vulns involved breaking changes
(use `npm audit fix --force` to install breaking changes; or refer to `npm audit` for steps to fix these manually)

After running npm audit fix --force, the console printed:
fixed 10 of 11 vulnerabilities in 1154 scanned packages
1 vulnerability required manual review and could not be updated
7 package updates for 10 vulns involved breaking changes
(installed due to `--force` option)

Running npm audit again printed:
=== npm audit security report ===
found 0 vulnerabilities

Finally, everything is back to normal.
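I looked up some background on npm audit fix online.
npm audit fix (npm@6.1.0): detects vulnerabilities in the project's dependencies and automatically installs the updates needed for the vulnerable dependencies, so you no longer have to track and fix them yourself.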
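
As an added example (not part of the original post), the Node.js code below sorts the actions in an `npm audit --json` report into the ones plain `npm audit fix` applies, the semver-major ones that only `--force` installs, and the ones left for manual review, so the breaking updates can be inspected before they are forced. It assumes the npm 6 report layout (an `actions` array with `action`, `module`, `target`, `isMajor` and `resolves`, plus an `advisories` map); the sample report, package names and advisory ids are constructed.

```javascript
// Constructed sample in the npm 6 `npm audit --json` layout (field names assumed).
// Package names and advisory ids are made up for illustration.
const sampleReport = {
  actions: [
    { action: 'update', module: 'example-lib', target: '1.2.4', depth: 2,
      resolves: [{ id: 101, path: 'example-app>example-lib', dev: false }] },
    { action: 'install', module: 'example-build-tool', target: '5.0.0', isMajor: true,
      resolves: [{ id: 102, path: 'example-build-tool>example-parser', dev: true },
                 { id: 103, path: 'example-build-tool>example-glob', dev: true }] },
    { action: 'review', module: 'example-legacy',
      resolves: [{ id: 104, path: 'example-app>example-legacy', dev: false }] },
  ],
  advisories: {
    101: { severity: 'low', title: 'constructed advisory A' },
    102: { severity: 'high', title: 'constructed advisory B' },
    103: { severity: 'critical', title: 'constructed advisory C' },
    104: { severity: 'moderate', title: 'constructed advisory D' },
  },
};

const RANK = ['info', 'low', 'moderate', 'high', 'critical'];

// Sort each action into the bucket that decides how it can be fixed.
function triage(report) {
  const advisories = report.advisories || {};
  const buckets = { safe: [], breaking: [], manual: [] };
  for (const a of report.actions || []) {
    const resolves = a.resolves || [];
    const ids = [...new Set(resolves.map((r) => r.id))];
    // Highest severity among the advisories this action resolves.
    const worst = ids
      .map((id) => (advisories[id] || {}).severity || 'info')
      .reduce((m, s) => (RANK.indexOf(s) > RANK.indexOf(m) ? s : m), 'info');
    const entry = { module: a.module, target: a.target || null, advisories: ids.length,
      worst, devOnly: resolves.every((r) => r.dev === true) };
    if (a.action === 'review') buckets.manual.push(entry);   // no automatic fix
    else if (a.isMajor) buckets.breaking.push(entry);        // installed only with --force
    else buckets.safe.push(entry);                           // plain `npm audit fix`
  }
  return buckets;
}

const result = triage(sampleReport);
for (const [bucket, items] of Object.entries(result)) {
  for (const e of items) {
    console.log(`${bucket}\t${e.module} -> ${e.target || 'n/a'}\t${e.worst}\tdevOnly=${e.devOnly}`);
  }
}
```

To use it on a real project, pass `triage` the parsed output of `npm audit --json` in place of the sample object.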