"npm audit fix" fixes 0 vulnerabilities (x vulnerabilities require manual review and cannot be updated) - PullRequest
0 votes
/ 30 May 2019

I was trying to install highway:

npm install --save @dogstudio/highway

After installing I get the following message:


I can't use the library, which is most likely related to the vulnerabilities found after installation. I tried running npm audit fix, but it "fixed 0 of 28 vulnerabilities".

What should I do? I really want to use the Highway package.


Output of npm audit

                       === npm audit security report ===

                               Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance

  High            Arbitrary File Overwrite
  Package         fstream
  Patched in      >=1.0.12
  Dependency of   npm
  Path            npm > libcipm > npm-lifecycle > node-gyp > fstream
  More info       https://npmjs.com/advisories/886

  High            Arbitrary File Overwrite
  Package         fstream
  Patched in      >=1.0.12
  Dependency of   npm
  Path            npm > libcipm > npm-lifecycle > node-gyp > tar > fstream
  More info       https://npmjs.com/advisories/886

  High            Arbitrary File Overwrite
  Package         fstream
  Patched in      >=1.0.12
  Dependency of   npm
  Path            npm > libnpm > npm-lifecycle > node-gyp > fstream
  More info       https://npmjs.com/advisories/886

  High            Arbitrary File Overwrite
  Package         fstream
  Patched in      >=1.0.12
  Dependency of   npm
  Path            npm > libnpm > npm-lifecycle > node-gyp > tar > fstream
  More info       https://npmjs.com/advisories/886

  High            Arbitrary File Overwrite
  Package         fstream
  Patched in      >=1.0.12
  Dependency of   npm
  Path            npm > node-gyp > fstream
  More info       https://npmjs.com/advisories/886

  High            Arbitrary File Overwrite
  Package         fstream
  Patched in      >=1.0.12
  Dependency of   npm
  Path            npm > node-gyp > tar > fstream
  More info       https://npmjs.com/advisories/886

  High            Arbitrary File Overwrite
  Package         fstream
  Patched in      >=1.0.12
  Dependency of   npm
  Path            npm > npm-lifecycle > node-gyp > fstream
  More info       https://npmjs.com/advisories/886

  High            Arbitrary File Overwrite
  Package         fstream
  Patched in      >=1.0.12
  Dependency of   npm
  Path            npm > npm-lifecycle > node-gyp > tar > fstream
  More info       https://npmjs.com/advisories/886

  High            Arbitrary File Overwrite
  Package         tar
  Patched in      >=2.2.2 <3.0.0 || >=4.4.2
  Dependency of   npm
  Path            npm > libcipm > npm-lifecycle > node-gyp > tar
  More info       https://npmjs.com/advisories/803

  High            Arbitrary File Overwrite
  Package         tar
  Patched in      >=2.2.2 <3.0.0 || >=4.4.2
  Dependency of   npm
  Path            npm > libnpm > npm-lifecycle > node-gyp > tar
  More info       https://npmjs.com/advisories/803

  High            Arbitrary File Overwrite
  Package         tar
  Patched in      >=2.2.2 <3.0.0 || >=4.4.2
  Dependency of   npm
  Path            npm > node-gyp > tar
  More info       https://npmjs.com/advisories/803

  High            Arbitrary File Overwrite
  Package         tar
  Patched in      >=2.2.2 <3.0.0 || >=4.4.2
  Dependency of   npm
  Path            npm > npm-lifecycle > node-gyp > tar
  More info       https://npmjs.com/advisories/803

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > assemble-core > assemble-fs > vinyl-fs > glob-stream > micromatch > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > assemble-core > assemble-streams > match-file > micromatch > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > assemble-core > base-task > composer > micromatch > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > assemble-core > templates > get-view > match-file > micromatch > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > assemble-core > templates > layouts > get-view > match-file > micromatch > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > assemble-core > templates > match-file > micromatch > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > base-cli-process > base-config-process > micromatch > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > base-config-process > micromatch > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > base-generators > base-task > composer > micromatch > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > base-questions > question-store > common-config > composer > micromatch > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > base-runtimes > micromatch > braces
  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   update
  Path            update > common-config > composer > micromatch > braces
  More info       https://npmjs.com/advisories/786

  Moderate        Prototype Pollution
  Package         defaults-deep
  Patched in      No patch available
  Dependency of   update
  Path            update > base-cli-process > base-config-process > base-config-schema > base-pkg > expand-pkg > defaults-deep
  More info       https://npmjs.com/advisories/778

  Moderate        Prototype Pollution
  Package         defaults-deep
  Patched in      No patch available
  Dependency of   update
  Path            update > base-cli-process > base-pkg > expand-pkg > defaults-deep
  More info       https://npmjs.com/advisories/778

  Moderate        Prototype Pollution
  Package         defaults-deep
  Patched in      No patch available
  Dependency of   update
  Path            update > base-config-process > base-config-schema > base-pkg > expand-pkg > defaults-deep
  More info       https://npmjs.com/advisories/778

  Moderate        Prototype Pollution
  Package         defaults-deep
  Patched in      No patch available
  Dependency of   update
  Path            update > base-generators > base-pkg > expand-pkg > defaults-deep
  More info       https://npmjs.com/advisories/778
...
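Added example, not part of the original question: a small Node.js script that parses a text-format npm audit report like the one above, collapses the per-path entries into distinct advisories, lists the root packages they hang off ("Dependency of"), and separates the entries marked "No patch available" from those that at least have a patched version. The report embedded in it is a constructed excerpt in the same layout as the question's output.

```javascript
// Added example (not from the original post): triage a text-format `npm audit` report like the one above.
const SEVERITIES = new Set(['Critical', 'High', 'Moderate', 'Low', 'Info']);
const KEYS = ['Package', 'Patched in', 'Dependency of', 'Path', 'More info'];
// Constructed excerpt in the question's report layout; the second Path wraps like in the original.
const SAMPLE_REPORT = `
  High            Arbitrary File Overwrite
  Package         fstream
  Patched in      >=1.0.12
  Dependency of   npm
  Path            npm > node-gyp > fstream
  More info       https://npmjs.com/advisories/886
  High            Arbitrary File Overwrite
  Package         fstream
  Patched in      >=1.0.12
  Dependency of   npm
  Path            npm > libcipm > npm-lifecycle > node-gyp >
                  tar > fstream
  More info       https://npmjs.com/advisories/886
  Moderate        Prototype Pollution
  Package         defaults-deep
  Patched in      No patch available
  Dependency of   update
  Path            update > base-pkg > expand-pkg > defaults-deep
  More info       https://npmjs.com/advisories/778`;
function parseAuditReport(text) {
  const findings = []; let cur = null;
  for (const line of text.split('\n').map((l) => l.trim()).filter(Boolean)) {
    const [head, ...rest] = line.split(/\s{2,}/);           // label and value are space-padded columns
    if (SEVERITIES.has(head)) findings.push((cur = { severity: head, title: rest.join(' ') }));
    else if (cur && KEYS.includes(head)) cur[head] = rest.join(' ');
    else if (cur && cur.Path) cur.Path += ' ' + line;        // continuation of a wrapped Path
  }
  return findings;
}

function triage(findings) {
  const byAdvisory = new Map();                              // collapse per-path duplicates by advisory URL
  for (const f of findings) {
    const a = byAdvisory.get(f['More info']) || { ...f, paths: [] };
    a.paths.push(f.Path);
    byAdvisory.set(f['More info'], a);
  }
  const all = [...byAdvisory.values()];
  const noPatch = all.filter((a) => a['Patched in'] === 'No patch available');
  const roots = [...new Set(findings.map((f) => f['Dependency of']))].sort();
  return { total: findings.length, distinct: all.length, roots, noPatch,
           patchAvailable: all.filter((a) => !noPatch.includes(a)) };
}
console.log(triage(parseAuditReport(SAMPLE_REPORT)));
```

Run on the full 28-entry report from the question it yields 4 distinct advisories under two root packages, which is what the summary line in the question reflects.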