我对
npm
了解不多,我需要解决这个问题:
# npm audit report
semver <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
No fix available
node_modules/@babel/core/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/@babel/helper-create-class-features-plugin/node_modules/semver
@babel/core *
Depends on vulnerable versions of @babel/helper-compilation-targets
Depends on vulnerable versions of semver
node_modules/@babel/core
@babel/helper-compilation-targets *
Depends on vulnerable versions of @babel/core
Depends on vulnerable versions of semver
node_modules/@babel/helper-compilation-targets
@babel/helper-create-class-features-plugin *
Depends on vulnerable versions of @babel/core
Depends on vulnerable versions of semver
node_modules/@babel/helper-create-class-features-plugin
@babel/plugin-transform-typescript >=7.21.4-esm
Depends on vulnerable versions of @babel/helper-create-class-features-plugin
node_modules/@babel/plugin-transform-typescript
@babel/preset-typescript >=7.22.5
Depends on vulnerable versions of @babel/plugin-transform-typescript
node_modules/@babel/preset-typescript
babel-plugin-jsx-dom-expressions >=0.33.12
Depends on vulnerable versions of @babel/core
node_modules/babel-plugin-jsx-dom-expressions
babel-preset-solid 0.17.0-beta.0 - 0.17.0-beta.3 || >=1.4.6
Depends on vulnerable versions of @babel/core
Depends on vulnerable versions of babel-plugin-jsx-dom-expressions
node_modules/babel-preset-solid
vite-plugin-solid *
Depends on vulnerable versions of @babel/core
Depends on vulnerable versions of babel-preset-solid
node_modules/vite-plugin-solid
9 moderate severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
Some issues need review, and may require choosing
a different dependency.
我删除了“node_modules”文件夹和“package-lock.json”文件,然后我运行了
npm install
,但它不起作用。
我也尝试运行
npm audit fix
,并且安装了旧的“semver”版本,但它们也不起作用。
尝试在 package.json 中添加此代码
"overrides": {
"semver": "~7.5.2"
}
我也有类似的错误。我也无法摆脱它。
semver <7.5.2 Severity: moderate semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw 可通过
npm audit fix --force
修复
将安装[email protected],这是一个重大更改
节点模块/安全帽/节点模块/semver
节点模块/solc/节点模块/semver
安全帽 >=0.1.0-rc.0
取决于 semver 的易受攻击版本
取决于有漏洞的 solc 版本
节点模块/安全帽
溶胶 >=0.4.7
取决于 semver 的易受攻击版本
节点模块/solc