Original link https://www.jianshu.com/p/60591cfc6952
After running npm install, the following prompt appears:
added 253 packages from 162 contributors and audited 1117 packages in 42.157s
found 5 vulnerabilities (1 low, 4 high)
run `npm audit fix` to fix them, or `npm audit` for details
Following the console prompt, enter 'npm audit fix'. The console then reports:
1 package update for 5 vulns involved breaking changes
(use `npm audit fix --force` to install breaking changes; or do it by hand)
Next, enter 'npm audit fix --force'. The console reports:
added 199 packages from 111 contributors, removed 64 packages and updated 23 packages in 42.194s
fixed 5 of 5 vulnerabilities in 1117 scanned packages
1 package update for 5 vulns involved breaking changes
(installed due to `--force` option)
After that, everything works normally.
Out of curiosity, I looked up the description of npm audit fix on the official npm website.
npm audit ([email protected] & npm@6): allows developers to analyze complex code and to identify specific vulnerabilities and defects.
npm audit fix ([email protected]): checks the project's dependencies for vulnerabilities and automatically installs the updates needed for vulnerable dependencies, so you do not have to track them down and fix them yourself.
The official website also provides a number of other commands, summarized as follows:
1. Run audit fix, but only update the package lock file, without updating node_modules:
$ npm audit fix --package-lock-only
2. Update only the packages listed in dependencies, skipping devDependencies:
$ npm audit fix --only=prod
3. Show what audit fix would update and output the installation information in JSON format, without actually installing the updates:
$ npm audit fix --dry-run --json
4. Get a detailed audit report in JSON format:
$ npm audit --json
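The JSON report from 'npm audit --json' can be triaged before deciding on 'npm audit fix --force'. The following is an added example, not code from the original post or from npm; it assumes the npm 6 report layout (metadata.vulnerabilities counts and actions[] entries with module, target, isMajor and resolves), and the sample report is constructed to match the counts shown above.

```javascript
// Triage an npm 6 style `npm audit --json` report: count findings by severity
// and separate fixes that need a semver-major (breaking) update.
// Assumption: report fields follow the npm 6 layout named in the lead-in.
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// Constructed sample report (package name and target version are made up).
const SAMPLE_REPORT = JSON.stringify({
  actions: [{
    action: 'install',
    module: 'example-build-tool',
    target: '4.0.0',
    isMajor: true,
    resolves: [{ id: 1 }, { id: 2 }, { id: 3 }, { id: 4 }, { id: 5 }],
  }],
  metadata: {
    vulnerabilities: { info: 0, low: 1, moderate: 0, high: 4, critical: 0 },
    totalDependencies: 1117,
  },
});

function triageAudit(reportJson, failOn = 'high') {
  const threshold = SEVERITIES.indexOf(failOn);
  if (threshold === -1) throw new Error(`unknown severity: ${failOn}`);
  const report = JSON.parse(reportJson);
  const counts = (report.metadata && report.metadata.vulnerabilities) || {};
  const sum = (names) => names.reduce((n, s) => n + (counts[s] || 0), 0);
  const total = sum(SEVERITIES);
  // Findings at or above the threshold should fail a CI gate.
  const blocking = sum(SEVERITIES.slice(threshold));
  const breaking = [];   // semver-major updates: what --force would install
  const compatible = []; // updates a plain `npm audit fix` can apply
  const manual = [];     // "review" actions: no automatic fix available
  for (const a of report.actions || []) {
    const fix = { module: a.module, target: a.target,
                  resolves: (a.resolves || []).length };
    if (a.action === 'review') manual.push(fix);
    else (a.isMajor ? breaking : compatible).push(fix);
  }
  return { total, blocking, breaking, compatible, manual, fail: blocking > 0 };
}

const sampleResult = triageAudit(SAMPLE_REPORT);
console.log(`${sampleResult.total} vulnerabilities, ` +
            `${sampleResult.blocking} at or above "high"`);
for (const b of sampleResult.breaking) {
  console.log(`breaking: ${b.module}@${b.target} resolves ${b.resolves}`);
}
```

Listing the breaking updates first shows which package would jump a major version, so its changelog can be checked before '--force' is used.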
The official npm-audit documentation is at https://docs.npmjs.com/cli/audit for anyone interested in reading further.