highcharts 节点模块的依赖项在更新或安装后不会更新?

omtl5h9j  于 2022-11-11  发布在  Highcharts
关注(0)|答案(3)|浏览(197)

我想在我的应用程序中使用react-highcharts。我使用了npm install react-highcharts,它成功了,但出现了警告:

found 1 high severity vulnerability, run `npm audit fix` to fix them, or `npm audit` for details.

npm audit fix没有执行任何操作;它说我必须手动修复这个问题。我运行npm audit来看看是怎么回事,然后得到了

=== npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Cross-Site Scripting                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ highcharts                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=7.2.2 <8.0.0 || >=8.1.1                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-highcharts                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ react-highcharts > highcharts                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1227                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 high severity vulnerability in 994 scanned packages
  1 vulnerability requires manual review. See the full report for details.

"More info" link和“Patched in”行显示这个问题在highcharts〉=8.1.1中得到了修复。最新的版本是highcharts@9.0.0,所以我决定更新它:

❯ npm update highcharts -dd
npm info it worked if it ends with ok
npm verb cli [
npm verb cli   '/usr/local/bin/node',
npm verb cli   '/usr/local/bin/npm',
npm verb cli   'update',
npm verb cli   'highcharts',
npm verb cli   '-dd'
npm verb cli ]
npm info using npm@6.14.10
npm info using node@v14.15.4
npm verb npm-session 0b92b8dc64938cea
npm verb update computing outdated modules to update
npm verb exit [ 0, true ]
npm timing npm Completed in 1507ms
npm info ok

“如果结果是好的,那就成功了”,但你看:

❯ npm list highcharts
myproj@1.0.0 /Users/actinidia/myproj
└─┬ react-highcharts@16.1.0
  └── highcharts@6.2.0

我仍然有highcharts@6.2.0!运行npm install highcharts只会导致highcharts的第二个副本,尽管新版本确实是9.0.0版:

├── highcharts@9.0.0
└─┬ react-highcharts@16.1.0
  └── highcharts@6.2.0

如何更新react-highcharts将使用的依赖项?

amrnrhlw

amrnrhlw1#

您应该先卸载highcharts,然后重新安装。

npm uninstall react-highcharts
npm install react-highcharts
m3eecexj

m3eecexj2#

我听从了ppotaczek的建议,为Highcharts安装了官方支持的 Package 器。

❯ npm install highcharts-react-official
npm WARN highcharts-react-official@3.0.0 requires a peer of highcharts@>=6.0.0
but none is installed. You must install peer dependencies yourself.

+ highcharts-react-official@3.0.0
added 1 package and audited 992 packages in 4.48s

❯ npm install highcharts
+ highcharts@9.0.0
added 1 package from 1 contributor and audited 993 packages in 4.978s
uplii1fm

uplii1fm3#

删除已安装的:node_modulespackage-lock.json
修改package.json,如下所示

npm audit fix --force

npm install

相关问题