I can't fix the NPM vulnerabilities

Question  Votes: 0  Answers: 2

I don't know much about npm, and I need to solve this problem:

# npm audit report

semver  <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
No fix available
node_modules/@babel/core/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/@babel/helper-create-class-features-plugin/node_modules/semver
  @babel/core  *
  Depends on vulnerable versions of @babel/helper-compilation-targets
  Depends on vulnerable versions of semver
  node_modules/@babel/core
    @babel/helper-compilation-targets  *
    Depends on vulnerable versions of @babel/core
    Depends on vulnerable versions of semver
    node_modules/@babel/helper-compilation-targets
    @babel/helper-create-class-features-plugin  *
    Depends on vulnerable versions of @babel/core
    Depends on vulnerable versions of semver
    node_modules/@babel/helper-create-class-features-plugin
      @babel/plugin-transform-typescript  >=7.21.4-esm
      Depends on vulnerable versions of @babel/helper-create-class-features-plugin
      node_modules/@babel/plugin-transform-typescript
        @babel/preset-typescript  >=7.22.5
        Depends on vulnerable versions of @babel/plugin-transform-typescript
        node_modules/@babel/preset-typescript
    babel-plugin-jsx-dom-expressions  >=0.33.12
    Depends on vulnerable versions of @babel/core
    node_modules/babel-plugin-jsx-dom-expressions
      babel-preset-solid  0.17.0-beta.0 - 0.17.0-beta.3 || >=1.4.6
      Depends on vulnerable versions of @babel/core
      Depends on vulnerable versions of babel-plugin-jsx-dom-expressions
      node_modules/babel-preset-solid
        vite-plugin-solid  *
        Depends on vulnerable versions of @babel/core
        Depends on vulnerable versions of babel-preset-solid
        node_modules/vite-plugin-solid

9 moderate severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

Some issues need review, and may require choosing
a different dependency.

I deleted the "node_modules" folder and the "package-lock.json" file, then I ran npm install, but it didn't work.

I also tried running npm audit fix, and installed older "semver" versions, but they didn't work either.

node.js npm semantic-versioning npm-audit npm-vulnerabilities
2 Answers
3 votes

Try adding this code to package.json

"overrides": {
  "semver": "~7.5.2"
}
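
One way to check whether the override suggested above actually took effect after reinstalling, as an added example that is not part of the original answer: it scans the lockfile's packages map for nested semver copies still below 7.5.2, the floor named in the audit report. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: list semver copies in a package-lock.json that are still
// below the floor npm audit reports on this page (<7.5.2).
// Works on the "packages" map of lockfileVersion 2 and 3.

// Parse "major.minor.patch[-prerelease]" into comparable parts.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(v);
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when a < b. A prerelease sorts below the release with the same numbers.
function isBelow(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  if (!x || !y) return true; // unparseable: report it rather than hide it
  for (let i = 0; i < 3; i++) {
    if (x.nums[i] !== y.nums[i]) return x.nums[i] < y.nums[i];
  }
  return x.pre && !y.pre;
}

// Return every installed semver copy whose version is below `fixed`.
function findOldSemver(lock, fixed = "7.5.2") {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match .../node_modules/semver exactly, not semver-diff and the like.
    if (!/(^|\/)node_modules\/semver$/.test(path)) continue;
    if (isBelow(meta.version, fixed)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile; paths mirror the audit report in the question.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo", version: "1.0.0" },
    "node_modules/semver": { version: "7.5.4" },
    "node_modules/@babel/core/node_modules/semver": { version: "6.3.0" },
    "node_modules/@babel/helper-compilation-targets/node_modules/semver": { version: "6.3.0" },
    "node_modules/semver-diff": { version: "4.0.0" },
  },
};

// With a real project, pass JSON.parse of the package-lock.json contents.
console.log(findOldSemver(sampleLock));
```

An empty result means every installed copy in the lockfile is at or above the floor; any path listed is a copy the override did not replace.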

0 votes

I have a similar error too. I can't get rid of it either.

semver  <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/hardhat/node_modules/semver
node_modules/solc/node_modules/semver
  hardhat  >=0.1.0-rc.0
  Depends on vulnerable versions of semver
  Depends on vulnerable versions of solc
  node_modules/hardhat
  solc  >=0.4.7
  Depends on vulnerable versions of semver
  node_modules/solc
