Как решить проблему с уязвимостями npm?

когда я бегу npm installв моем приложении для реагирования, чтобы установить все необходимые зависимости. Это вызывает проблему уязвимости. Я попытался исправить это с помощью npm audit fixно у меня это не сработало, а также попробовал некоторые методы, приведенные в статьях/видео, но до сих пор не смог решить.

Можете ли вы помочь мне решить эту проблему, чтобы я мог продолжить свой проект?

вот отчет npm audit:

      # npm audit report

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@2.1.3, which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo
      @svgr/plugin-svgo  <=5.5.0
      Depends on vulnerable versions of svgo
      node_modules/@svgr/plugin-svgo
        @svgr/webpack  4.0.0 - 5.5.0
        Depends on vulnerable versions of @svgr/plugin-svgo
        node_modules/@svgr/webpack
          react-scripts  >=2.1.4
          Depends on vulnerable versions of @svgr/webpack
          node_modules/react-scripts

postcss  <7.0.36
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
fix available via `npm audit fix --force`
Will install postcss-rtl@0.0.3, which is a breaking change
node_modules/rtlcss/node_modules/postcss
  rtlcss  <=2.6.2
  Depends on vulnerable versions of postcss
  node_modules/rtlcss
    postcss-rtl  >=0.1.0
    Depends on vulnerable versions of rtlcss
    node_modules/postcss-rtl

9 vulnerabilities (3 moderate, 6 high)

пакет.json

      {
  "name": "vuexy-react-admin-dashboard",
  "version": "8.0.0",
  "private": true,
  "dependencies": {
    "@casl/ability": "^5.2.2",
    "@casl/react": "^2.1.1",
    "@craco/craco": "^5.9.0",
    "@fullcalendar/core": "^5.10.1",
    "@fullcalendar/daygrid": "^5.10.1",
    "@fullcalendar/interaction": "^5.10.1",
    "@fullcalendar/list": "^5.10.1",
    "@fullcalendar/react": "^5.10.1",
    "@fullcalendar/timegrid": "^5.10.1",
    "@fullcalendar/timeline": "^5.10.1",
    "@hookform/resolvers": "^2.8.3",
    "@reduxjs/toolkit": "^1.2.5",
    "animate.css": "^4.1.1",
    "apexcharts": "^3.29.0",
    "apexcharts-clevision": "^3.28.3",
    "axios": "^0.24.0",
    "axios-mock-adapter": "^1.19.0",
    "bootstrap": "5.1.0",
    "bs-stepper": "^1.7.0",
    "chart.js": "^3.6.0",
    "chroma-js": "~2.1.0",
    "classnames": "^2.3.1",
    "cleave.js": "^1.6.0",
    "draft-js": "^0.11.7",
    "draftjs-to-html": "^0.9.1",
    "file-saver": "^2.0.2",
    "flatpickr": "^4.6.3",
    "history": "^5.1.0",
    "html-to-draftjs": "^1.5.0",
    "i18next": "^21.4.0",
    "i18next-browser-languagedetector": "^6.1.2",
    "i18next-xhr-backend": "^3.2.2",
    "jquery": "^3.5.1",
    "jsonwebtoken": "~8.5.1",
    "lodash": "^4.17.21",
    "moment": "^2.29.1",
    "nouislider": "^15.5.0",
    "nouislider-react": "^3.3.8",
    "npm-force-resolutions": "^0.0.10",
    "prismjs": "^1.19.0",
    "prop-types": "~15.7.2",
    "rc-input-number": "^7.3.3",
    "react": "^17.0.2",
    "react-apexcharts": "^1.3.9",
    "react-chartjs-2": "^3.3.0",
    "react-contexify": "^5.0.0",
    "react-copy-to-clipboard": "~5.0.2",
    "react-country-flag": "^2.0.1",
    "react-data-table-component": "^7.4.5",
    "react-dom": "^17.0.2",
    "react-draft-wysiwyg": "^1.14.5",
    "react-dropzone": "^11.4.2",
    "react-feather": "~2.0.3",
    "react-flatpickr": "^3.9.1",
    "react-hook-form": "7.18.1",
    "react-i18next": "^11.13.0",
    "react-paginate": "^7.0.0",
    "react-perfect-scrollbar": "^1.5.5",
    "react-player": "^2.6.2",
    "react-rating": "^2.0.5",
    "react-redux": "^7.2.0",
    "react-router-dom": "^5.2.0",
    "react-select": "^5.2.0",
    "react-shepherd": "^3.3.6",
    "react-slidedown": "^2.4.5",
    "react-sortablejs": "^6.0.0",
    "react-toastify": "^8.0.3",
    "reactstrap": "9.0.1",
    "recharts": "^2.0.4",
    "redux": "^4.0.5",
    "redux-debounced": "~0.5.0",
    "redux-thunk": "^2.4.0",
    "sass": "1.32.13",
    "screenfull": "^5.0.2",
    "sortablejs": "^1.12.0",
    "styled-components": "^5.1.1",
    "sweetalert2": "^11.1.9",
    "sweetalert2-react-content": "^4.2.0",
    "swiper": "^7.2.0",
    "wnumb": "^1.2.0",
    "xlsx": "^0.17.3",
    "yarn": "^1.21.1",
    "yup": "^0.32.8"
  },
  "scripts": {
    "start": "craco start",
    "build": "craco build",
    "test": "craco test",
    "eject": "react-scripts eject",
    "lint": "eslint src/**/*.js src/**/*.jsx",
    "lint:fix": "eslint src/**/*.js --fix"
    
  },
  "eslintConfig": {
    "extends": "react-app"
  },
  "devDependencies": {
    "@types/sortablejs": "^1.10.6",
    "eslint": "^7.11.0",
    "eslint-plugin-import": "^2.22.0",
    "node-fetch": "^3.2.4",
    "postcss-rtl": "^1.7.3",
    "react-scripts": "^5.0.1",
    "sass-loader": "8.0.2"
  },
 
  "browserslist": {
    "production": [
      ">0.2%",
      "not dead",
      "not op_mini all"
    ],
    "development": [
      "last 1 chrome version",
      "last 1 firefox version",
      "last 1 safari version"
    ]
  },
  "homepage": ""
}
Источник

0 ответов

Другие вопросы по тегам