
npm - 12 high-severity vulnerabilities found when installing npm

Reposted. Author: 行者123. Updated: 2023-12-02 19:57:47

In Angular 8, after I installed npm I found 12 high-severity vulnerabilities.

Versions:

Angular CLI: 8.0.3
Node: 10.16.0
OS: linux x64
Angular: 8.0.1
... animations, cdk, common, compiler, compiler-cli, core, forms
... language-service, material, platform-browser
... platform-browser-dynamic, platform-server, router

Package Version
-----------------------------------------------------------
@angular-devkit/architect 0.800.3
@angular-devkit/build-angular 0.800.3
@angular-devkit/build-optimizer 0.800.3
@angular-devkit/build-webpack 0.800.3
@angular-devkit/core 8.0.3
@angular-devkit/schematics 8.0.3
@angular/cli 8.0.3
@angular/fire 5.2.1
@angular/flex-layout 8.0.0-beta.26
@angular/http 7.2.15
@ngtools/webpack 8.0.3
@schematics/angular 8.0.3
@schematics/update 0.800.3
rxjs 6.5.2
typescript 3.4.5
webpack 4.30.0

When I run the command npm audit, it shows:

     === npm audit security report ===                        


Manual Review
Some vulnerabilities require your attention to resolve

Visit https://go.npm.me/audit-guide for additional guidance


High Arbitrary File Overwrite

Package fstream

Patched in >=1.0.12

Dependency of npm

Path npm > libcipm > npm-lifecycle > node-gyp > fstream

More info https://npmjs.com/advisories/886


High Arbitrary File Overwrite

Package fstream

Patched in >=1.0.12

Dependency of npm

Path npm > libcipm > npm-lifecycle > node-gyp > tar > fstream

More info https://npmjs.com/advisories/886


High Arbitrary File Overwrite

Package fstream

Patched in >=1.0.12

Dependency of npm

Path npm > libnpm > npm-lifecycle > node-gyp > fstream

More info https://npmjs.com/advisories/886


High Arbitrary File Overwrite

Package fstream

Patched in >=1.0.12

Dependency of npm

Path npm > libnpm > npm-lifecycle > node-gyp > tar > fstream

More info https://npmjs.com/advisories/886


High Arbitrary File Overwrite

Package fstream

Patched in >=1.0.12

Dependency of npm

Path npm > node-gyp > fstream

More info https://npmjs.com/advisories/886


High Arbitrary File Overwrite

Package fstream

Patched in >=1.0.12

Dependency of npm

Path npm > node-gyp > tar > fstream

More info https://npmjs.com/advisories/886


High Arbitrary File Overwrite

Package fstream

Patched in >=1.0.12

Dependency of npm

Path npm > npm-lifecycle > node-gyp > fstream

More info https://npmjs.com/advisories/886


High Arbitrary File Overwrite

Package fstream

Patched in >=1.0.12

Dependency of npm

Path npm > npm-lifecycle > node-gyp > tar > fstream

More info https://npmjs.com/advisories/886


High Arbitrary File Overwrite

Package tar

Patched in >=2.2.2 <3.0.0 || >=4.4.2

Dependency of npm

Path npm > libcipm > npm-lifecycle > node-gyp > tar

More info https://npmjs.com/advisories/803


High Arbitrary File Overwrite

Package tar

Patched in >=2.2.2 <3.0.0 || >=4.4.2

Dependency of npm

Path npm > libnpm > npm-lifecycle > node-gyp > tar

More info https://npmjs.com/advisories/803


High Arbitrary File Overwrite

Package tar

Patched in >=2.2.2 <3.0.0 || >=4.4.2

Dependency of npm

Path npm > node-gyp > tar

More info https://npmjs.com/advisories/803


High Arbitrary File Overwrite

Package tar

Patched in >=2.2.2 <3.0.0 || >=4.4.2

Dependency of npm

Path npm > npm-lifecycle > node-gyp > tar

More info https://npmjs.com/advisories/803

found 12 high severity vulnerabilities in 31845 scanned packages; 12 vulnerabilities require manual review. See the full report for details.

I want to get to 0 severe vulnerabilities.

Best answer

This is not an Angular-related problem. npm is reporting that some packages have known security issues.

You can try running npm audit fix to let npm upgrade the known vulnerable dependencies (if it can); otherwise, you have to wait for the package maintainers to fix these issues.

Keep in mind that security vulnerabilities, while very important, are also reported for dev packages, which may never end up in your production system.

If upgrading the dependencies (or changing them) does not solve the problem, there is nothing you can do about it yourself.
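As an added example (not from the question or the answer), the triage the answer describes applied to a constructed excerpt of `npm audit --json` shaped like the report above: each advisory is sorted into production-reachable versus dev-only, and every finding is grouped by the root package its path starts from. The `findings[].dev` and `findings[].paths` fields are assumed to follow the npm 6 JSON report format; the id-0 "placeholder-dev-tool" advisory is a made-up entry.

```javascript
// Constructed npm 6 style `npm audit --json` excerpt modelled on the report above: ids 886
// and 803, packages, paths and patched ranges are the question's; installed versions and
// `dev` flags are assumed, and the id-0 "placeholder-dev-tool" advisory is a made-up dev-only hit.
const report = {
  advisories: {
    "886": {
      id: 886, module_name: "fstream", severity: "high",
      title: "Arbitrary File Overwrite", patched_versions: ">=1.0.12",
      findings: [{ version: "1.0.11", dev: false,
                   paths: ["npm>node-gyp>fstream", "npm>node-gyp>tar>fstream"] }],
    },
    "803": {
      id: 803, module_name: "tar", severity: "high",
      title: "Arbitrary File Overwrite", patched_versions: ">=2.2.2 <3.0.0 || >=4.4.2",
      findings: [{ version: "2.2.1", dev: false, paths: ["npm>node-gyp>tar"] }],
    },
    "0": {
      id: 0, module_name: "placeholder-dev-tool", severity: "moderate",
      title: "Placeholder advisory (constructed)", patched_versions: ">=2.0.0",
      findings: [{ version: "1.0.0", dev: true, paths: ["placeholder-dev-tool"] }],
    },
  },
};
// Split advisories into those reachable from a production dependency and those only
// reachable through dev dependencies (the distinction the answer points out), and
// group every finding by the root package its path starts from ("npm" above).
function triage(auditReport) {
  const out = { production: [], devOnly: [], byRoot: {} };
  for (const adv of Object.values(auditReport.advisories)) {
    const entry = {
      id: adv.id, package: adv.module_name, severity: adv.severity,
      patchedIn: adv.patched_versions, paths: adv.findings.flatMap((f) => f.paths),
    };
    // Production-relevant unless npm flagged every finding as dev-only.
    const inProd = adv.findings.some((f) => !f.dev);
    (inProd ? out.production : out.devOnly).push(entry);
    for (const p of entry.paths) {
      const root = p.split(">")[0];
      out.byRoot[root] = out.byRoot[root] || [];
      out.byRoot[root].push(`${adv.module_name} (advisory ${adv.id})`);
    }
  }
  return out;
}

// Count entries of one severity, e.g. the "high" total npm prints at the bottom.
function countSeverity(entries, severity) {
  return entries.filter((e) => e.severity === severity).length;
}
console.log(JSON.stringify(triage(report).byRoot));
```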

Regarding "npm - 12 high-severity vulnerabilities found when installing npm", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/56628922/
