found 11 low severity vulnerabilities - React Native Project

【Title】found 11 low severity vulnerabilities - React Native Project 【Posted】2019-03-24 13:52:11 【Question】:

Whenever I create a new React Native project with react-native init <projname> and then try to install any NPM package my project needs, I always get this error -

found 11 low severity vulnerabilities

How should I resolve this error?

I have already tried npm audit fix. But it says the errors should be resolved manually.

$ npm install react-native-elements --save
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\sane.cmd as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\sane
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\sane as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\sane
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\jest.cmd as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\jest-cli
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\jest as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\jest-cli
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\esvalidate.cmd as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\esprima
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\esparse.cmd as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\esprima
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\esvalidate as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\esprima
npm WARN rm not removing C:\Users\jjeff\Documents\React Native\testOne\node_modules\.bin\esparse as it wasn't installed by C:\Users\jjeff\Documents\React Native\testOne\node_modules\esprima

> react-native-elements@1.1.0 postinstall C:\Users\jjeff\Documents\React Native\testOne\node_modules\react-native-elements
> opencollective-postinstall

Thank you for using react-native-elements!
If you rely on this package, please consider supporting our open collective:
> https://opencollective.com/react-native-elements/donate

npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN react-native-elements@1.1.0 requires a peer of react-native-vector-icons@>6.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.7 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.7: wanted "os":"darwin","arch":"any" (current: "os":"win32","arch":"x64")

+ react-native-elements@1.1.0
added 54 packages from 33 contributors, removed 34 packages, updated 918 packages and audited 515931 packages in 112.858s
found 11 low severity vulnerabilities
  run `npm audit fix` to fix them, or `npm audit` for details

【Discussion】:

【Answer 1】:

You can run npm audit to see the details of these vulnerabilities; usually they belong to the dependencies/packages you installed for your project. This means there is nothing you can do unless there is a newer update that you have not yet applied for the particular package.

In your case they are low severity vulnerabilities, so I wouldn't worry too much about them. If you want, just use npm audit to see whether there is any vulnerability you are particularly worried about; if so, raise it with the package developers, consider alternatives, or fork the project and fix the vulnerability yourself as a last resort. But again, I wouldn't worry too much about this, since they are only low severity vulnerabilities.

【Discussion】:

【Answer 2】:

You can try the latest version of the packages used in your project. You can try the commands below.

npm install pkg-name

npm install pkg-name@^version

where pkg-name is the package name and version is the package version.

After installing the latest version you can try

npm audit fix

Hope it works!

【Discussion】:

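Both answers come down to reading the `npm audit` report and deciding what `npm audit fix` can handle on its own versus what has to be resolved manually. As an added example (not code from the question or the answers), the script below triages an npm 6 `npm audit --json` report into auto-fixable findings and findings that need a human decision, with an optional minimum severity so low-severity noise can be filtered; the report, module names, advisory ids and versions are constructed placeholders.

```javascript
// Added example, not from the original post: triage an `npm audit --json` report
// (npm 6 layout: "actions", "advisories", "metadata") into findings that
// `npm audit fix` resolves on its own and findings needing a manual decision.
// Constructed sample data: ids, module names and versions are placeholders.
const sampleAuditReport = {
  actions: [
    { action: "update", module: "dep-a", target: "2.1.0", depth: 3,
      resolves: [{ id: 1001, path: "react-native>dep-a", dev: false }] },
    { action: "review", module: "dep-b",
      resolves: [{ id: 1002, path: "react-native>metro>dep-b", dev: false }] },
  ],
  advisories: {
    1001: { id: 1001, module_name: "dep-a", severity: "low",
            title: "Regular Expression Denial of Service", patched_versions: ">=2.1.0" },
    1002: { id: 1002, module_name: "dep-b", severity: "low",
            title: "Prototype Pollution", patched_versions: "<0.0.0" },
  },
  metadata: { vulnerabilities: { info: 0, low: 2, moderate: 0, high: 0, critical: 0 } },
};

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Returns { autoFixable: [...], manual: [...] }; each entry carries the advisory,
// the dependency path that pulls it in, and whether a patched version exists.
function triageAudit(report, minSeverity = "low") {
  const threshold = SEVERITY_RANK[minSeverity];
  const result = { autoFixable: [], manual: [] };
  for (const act of report.actions) {
    for (const res of act.resolves) {
      const adv = report.advisories[res.id];
      if (!adv || SEVERITY_RANK[adv.severity] < threshold) continue;
      const entry = {
        id: adv.id, module: adv.module_name, severity: adv.severity,
        title: adv.title, path: res.path,
        // npm reports advisories with no fixed release as patched_versions "<0.0.0"
        hasPatch: adv.patched_versions !== "<0.0.0",
      };
      // "update"/"install" are what `npm audit fix` applies; "review" means a
      // person decides: bump the parent, replace the package, or accept the risk
      if (act.action === "update" || act.action === "install") {
        entry.fix = `${act.module}@${act.target}`;
        result.autoFixable.push(entry);
      } else {
        result.manual.push(entry);
      }
    }
  }
  return result;
}
```

Run it against a real report with `npm audit --json > audit.json` and `triageAudit(JSON.parse(fs.readFileSync("audit.json")))`; the `manual` list is exactly the set of findings `npm audit fix` will tell you to resolve by hand.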
【Answer 3】:

So, the problem resolved itself. The main issue was that the project would not run because of the vulnerabilities. But about a month later I started using Yarn to install dependencies, so I didn't see the vulnerabilities. The problem is now resolved.

【Discussion】:
