koa2第一天 安装koa2found 1 low severity vulnerability run `npm audit fix` to fix them, or `npm audit` for details

安装全局koa2:npm install -g koa2 -generator

创建一个koa2文件夹:koa2 -e koa2

进入koa2文件夹:cd koa2 安装npm模块:npm install

  

显示如下结果,可以看到,英文提示有一个漏洞需要修复


 C:\Users\Administrator\Desktop\koa2-1-1\koa2>npm install

npm WARN deprecated swig@1.4.2: This package is no longer maintained
npm WARN deprecated ejs@2.3.4: Critical security bugs fixed in 2.5.5

> nodemon@1.18.6 postinstall C:\Users\Administrator\Desktop\koa2-1-1\koa2\node_modules\nodemon
> node bin/postinstall || exit 0

Love nodemon? You can now support the project via the open collective:
 > https://opencollective.com/nodemon/donate

npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.4 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

added 320 packages from 182 contributors and audited 2414 packages in 186.878s
found 1 low severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details

  

 

按照代码运行  npm audit fix

显示

C:\Users\Administrator\Desktop\koa2-1-1\koa2>npm audit fix
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.4 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

up to date in 13.094s
fixed 0 of 1 vulnerability in 2414 scanned packages
  1 package update for 1 vuln involved breaking changes
  (use `npm audit fix --force` to install breaking changes; or refer to `npm audit` for steps to fix these manually)

  

 

很明显没有解决

 

接着运行audit fix

显示:

Run  npm install koa-onerror@4.1.0  to resolve 1 vulnerabilitySEMVER WARNING: Recommended action is a potentially breaking change

Low Regular Expression Denial of Service

Package uglify-js

Dependency of koa-onerror

Path koa-onerror > swig > uglify-js

More info https://nodesecurity.io/advisories/48

 

found 1 low severity vulnerability in 2414 scanned packages

  运行 

npm install koa-onerror@4.1.0
显示
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.4 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

+ koa-onerror@4.1.0
added 1 package from 1 contributor, removed 15 packages, updated 1 package and audited 2401 packages in 14.254s
found 0 vulnerabilities

  

ok

posted @ 2018-11-27 15:47  知一以天  阅读(8243)  评论(1编辑  收藏  举报