Vulnerability problem when using "npm install"

2024-04-16

I installed an Express server using the command `express coserver`, then I used the `npm install` command to install the other node packages/dependencies, but I got this result:

                       === npm audit security report ===


                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance


  Low             Incorrect Handling of Non-Boolean Comparisons During
                  Minification

  Package         uglify-js

  Patched in      >= 2.4.24

  Dependency of   jade

  Path            jade > transformers > uglify-js

  More info       https://nodesecurity.io/advisories/39


  Low             Regular Expression Denial of Service

  Package         uglify-js

  Patched in      >=2.6.0

  Dependency of   jade

  Path            jade > transformers > uglify-js

  More info       https://nodesecurity.io/advisories/48


  Critical        Sandbox Bypass Leading to Arbitrary Code Execution

  Package         constantinople

  Patched in      >=3.1.1

  Dependency of   jade

  Path            jade > constantinople

  More info       https://nodesecurity.io/advisories/568


  Low             Regular Expression Denial of Service

  Package         clean-css

  Patched in      >=4.1.11

  Dependency of   jade

  Path            jade > clean-css

  More info       https://nodesecurity.io/advisories/785

found 4 vulnerabilities (3 low, 1 critical) in 194 scanned packages
  4 vulnerabilities require manual review. See the full report for details.

My node --version is v10.15.0 and express --version is 4.16.1. I am using Windows 10. I don't know if I need to put other information here, but if so, please tell me.


Reason: Jade has been renamed to pug. Install the latest version of pug instead of jade.

Fix:

  1. npm uninstall jade
  2. npm install pug
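
Removing jade also means the app has to stop loading it. As an added example (not part of the original answer), this shell function finishes the swap for a project laid out the way express-generator creates it; the `app.js` view-engine line and the `views/*.jade` paths are assumptions about that layout, and `migrate_jade_to_pug` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: finish the jade -> pug swap in an express-generator style project.
# Assumed layout (not stated on the page): app.js sets the view engine and
# templates live in views/*.jade.

migrate_jade_to_pug() {
    proj="$1"
    [ -f "$proj/app.js" ] || { echo "no app.js in $proj" >&2; return 1; }

    # Point Express at the pug engine instead of jade.
    sed "s/\(['\"]view engine['\"], *['\"]\)jade\(['\"]\)/\1pug\2/" \
        "$proj/app.js" > "$proj/app.js.tmp" && mv "$proj/app.js.tmp" "$proj/app.js"

    # Rename templates so Express resolves them with the new extension.
    for f in "$proj"/views/*.jade; do
        [ -e "$f" ] || continue
        mv "$f" "${f%.jade}.pug"
    done

    # Print anything that still mentions jade; return 2 so it gets a manual look.
    if grep -rn "jade" "$proj/app.js" "$proj/views" 2>/dev/null; then
        return 2
    fi
    return 0
}

# Typical use from the project root:
#   npm uninstall jade
#   npm install pug
#   migrate_jade_to_pug .
#   npm audit    # confirm the findings under the jade path are gone
```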