Installing firebase-tools with npm, going around in circles with vulnerabilities

qni6mghb posted on 2022-12-13 in Other
Follow (0) | Answers (1) | Views (166)

I am trying to install firebase-tools, but I am seeing this error:

# npm audit report

express  <=4.17.2 || 5.0.0-alpha.1 - 5.0.0-alpha.8
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
Depends on vulnerable versions of qs
fix available via `npm audit fix`
node_modules/firebase-tools/node_modules/express

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install firebase-tools@1.2.0, which is a breaking change
node_modules/firebase-tools/node_modules/got
  package-json  <=6.5.0
  Depends on vulnerable versions of got
  node_modules/firebase-tools/node_modules/package-json
    latest-version  0.2.0 - 5.1.0
    Depends on vulnerable versions of package-json
    node_modules/firebase-tools/node_modules/latest-version
      update-notifier  0.2.0 - 5.1.0
      Depends on vulnerable versions of latest-version
      node_modules/firebase-tools/node_modules/superstatic/node_modules/update-notifier
      node_modules/firebase-tools/node_modules/update-notifier
        firebase-tools  >=2.0.0
        Depends on vulnerable versions of update-notifier
        node_modules/firebase-tools
        superstatic  >=0.12.11
        Depends on vulnerable versions of update-notifier
        node_modules/firebase-tools/node_modules/superstatic

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/firebase-tools/node_modules/minimatch

qs  6.5.0 - 6.5.2 || 6.7.0 - 6.7.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/firebase-tools/node_modules/qs
node_modules/firebase-tools/node_modules/request/node_modules/qs
  body-parser  1.19.0
  Depends on vulnerable versions of qs
  node_modules/firebase-tools/node_modules/body-parser
  express  <=4.17.2 || 5.0.0-alpha.1 - 5.0.0-alpha.8
  Depends on vulnerable versions of qs
  node_modules/firebase-tools/node_modules/express

10 vulnerabilities (6 moderate, 4 high)

When I run:

npm audit fix // or
npm audit fix --force

I get exactly the same error.
Then I tried whether manually updating the package helps, e.g. by running:

npm install qs@latest

But I have the same problem there too.
I also:

  • deleted my package-lock.json file and node_modules folder and tried a fresh install. Still yada.

Why can't I seem to break out of this loop?
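An added example (not from the question or the answer) that parses the text report above, assuming the report shape shown in the question: it pulls out, per top-level finding, the severity, the GHSA advisory ids, the fix command and whether npm says the fix is a breaking change, and then lists the findings whose flagged copies live only under firebase-tools/node_modules, where a root-level `npm install qs@latest` never reaches them. The sample report embedded in the script is constructed from the question's output and trimmed to two entries.

```python
import re
# Constructed sample, trimmed to the shape of the `npm audit` report in the question.
SAMPLE_REPORT = """\
# npm audit report

express  <=4.17.2 || 5.0.0-alpha.1 - 5.0.0-alpha.8
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/firebase-tools/node_modules/express

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
node_modules/firebase-tools/node_modules/got
  node_modules/firebase-tools/node_modules/package-json

2 vulnerabilities (1 moderate, 1 high)
"""
HEADER = re.compile(r"^(\S+)  (\S.*)$")   # "<package>  <vulnerable range>", two spaces apart
GHSA = re.compile(r"GHSA(?:-[0-9a-z]{4}){3}")

def parse_audit_report(text):
    """Turn the text form of `npm audit` into one dict per top-level finding."""
    findings = []
    for block in text.strip().split("\n\n"):
        lines = block.splitlines()
        m = HEADER.match(lines[0])
        if not m:
            continue  # the "# npm audit report" header or the closing summary line
        f = {"package": m.group(1), "range": m.group(2), "severity": "",
             "advisories": [], "fix": "", "breaking": False, "paths": []}
        for line in lines[1:]:  # indented dependent entries match none of these rules
            if line.startswith("Severity:"):
                f["severity"] = line.split(":", 1)[1].strip()
            elif line.startswith("fix available via"):
                f["fix"] = line.split("`")[1]
                f["breaking"] = "--force" in f["fix"]  # npm needs --force only for semver-major bumps
            elif line.startswith("node_modules/"):
                f["paths"].append(line)
            elif (g := GHSA.search(line)) and g.group(0) not in f["advisories"]:
                f["advisories"].append(g.group(0))
        findings.append(f)
    return findings

def nested_only(findings):
    """Findings flagged only under another package's node_modules; a root-level install never touches those copies."""
    return [f["package"] for f in findings
            if f["paths"] and all(p.count("node_modules/") > 1 for p in f["paths"])]
```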

ekqde3dh (answer #1)

Solved:
I managed to work around this by using the auto-install script from https://firebase.google.com/docs/cli#mac-linux-auto-script instead of npm:

curl -sL https://firebase.tools | bash

I can now log in and deploy with firebase init.... wow!
