我不太了解npm,我需要解决这个问题。
# npm audit report
semver <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
No fix available
node_modules/@babel/core/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/@babel/helper-create-class-features-plugin/node_modules/semver
@babel/core *
Depends on vulnerable versions of @babel/helper-compilation-targets
Depends on vulnerable versions of semver
node_modules/@babel/core
@babel/helper-compilation-targets *
Depends on vulnerable versions of @babel/core
Depends on vulnerable versions of semver
node_modules/@babel/helper-compilation-targets
@babel/helper-create-class-features-plugin *
Depends on vulnerable versions of @babel/core
Depends on vulnerable versions of semver
node_modules/@babel/helper-create-class-features-plugin
@babel/plugin-transform-typescript >=7.21.4-esm
Depends on vulnerable versions of @babel/helper-create-class-features-plugin
node_modules/@babel/plugin-transform-typescript
@babel/preset-typescript >=7.22.5
Depends on vulnerable versions of @babel/plugin-transform-typescript
node_modules/@babel/preset-typescript
babel-plugin-jsx-dom-expressions >=0.33.12
Depends on vulnerable versions of @babel/core
node_modules/babel-plugin-jsx-dom-expressions
babel-preset-solid 0.17.0-beta.0 - 0.17.0-beta.3 || >=1.4.6
Depends on vulnerable versions of @babel/core
Depends on vulnerable versions of babel-plugin-jsx-dom-expressions
node_modules/babel-preset-solid
vite-plugin-solid *
Depends on vulnerable versions of @babel/core
Depends on vulnerable versions of babel-preset-solid
node_modules/vite-plugin-solid
9 moderate severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
Some issues need review, and may require choosing
a different dependency.
我删除了“node_modules”文件夹,“package-lock.json”文件,然后运行“npm install”命令。但它没有工作。
我试图运行“npm审计修复”,我安装了旧的“semver”版本,但它们也不起作用。
1条答案
按热度按时间tmb3ates1#
我也有类似的错误。我也不能摆脱它。
semver <7.5.2严重性:中度semver易受正则表达式拒绝服务攻击-https://github.com/advisories/GHSA-c2qf-rxjj-qqgw可通过
npm audit fix --force
获得修复将安装hardhat@0.0.7,这是一个重大更改node_modules/hardhat/node_modules/semver node_modules/solc/node_modules/semver hardhat >=0.1.0-rc.0依赖于semver的易受攻击版本依赖于solc的易受攻击版本node_modules/hardhat solc >=0.4.7依赖于semver的易受攻击版本node_modules/solc