koa2第一天 安装koa2found 1 low severity vulnerability run `npm audit fix` to fix them, or `npm audit` for details
安装全局koa2:npm install -g koa2 -generator 创建一个koa2文件夹:koa2 -e koa2
进入koa2文件夹:cd koa2 安装npm模块:npm install
显示如下结果,可以看到,英文提示有一个漏洞需要修复
:
C:\Users\Administrator\Desktop\koa2-1-1\koa2>npm install
npm WARN deprecated swig@1.4.2: This package is no longer maintained npm WARN deprecated ejs@2.3.4: Critical security bugs fixed in 2.5.5 > nodemon@1.18.6 postinstall C:\Users\Administrator\Desktop\koa2-1-1\koa2\node_modules\nodemon > node bin/postinstall || exit 0 Love nodemon? You can now support the project via the open collective: > https://opencollective.com/nodemon/donate npm notice created a lockfile as package-lock.json. You should commit this file. npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.4 (node_modules\fsevents): npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"}) added 320 packages from 182 contributors and audited 2414 packages in 186.878s found 1 low severity vulnerability run `npm audit fix` to fix them, or `npm audit` for details
按照代码运行 npm audit fix
显示
C:\Users\Administrator\Desktop\koa2-1-1\koa2>npm audit fix npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.4 (node_modules\fsevents): npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"}) up to date in 13.094s fixed 0 of 1 vulnerability in 2414 scanned packages 1 package update for 1 vuln involved breaking changes (use `npm audit fix --force` to install breaking changes; or refer to `npm audit` for steps to fix these manually)
很明显没有解决
接着运行audit fix
显示:
Run npm install koa-onerror@4.1.0 to resolve 1 vulnerabilitySEMVER WARNING: Recommended action is a potentially breaking change
Low Regular Expression Denial of Service
Package uglify-js
Dependency of koa-onerror
Path koa-onerror > swig > uglify-js
More info https://nodesecurity.io/advisories/48
found 1 low severity vulnerability in 2414 scanned packages
运行
npm install koa-onerror@4.1.0
显示
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.4 (node_modules\fsevents): npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"}) + koa-onerror@4.1.0 added 1 package from 1 contributor, removed 15 packages, updated 1 package and audited 2401 packages in 14.254s found 0 vulnerabilities
ok