Meu projeto tem 6 vulnerabilidades de alta gravidade e não tenho idéia de como corrigi-las. correção de auditoria npm falha. Por favor me ajude a consertar isso.
Eu estava instalando https://www.npmjs.com/package/toastr no meu projeto e após a instalação, as vulnerabilidades foram mostradas. Não sei se existe alguma conexão. === relatório de segurança de auditoria npm ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of @angular/cli [dev]
Path @angular/cli > @schematics/update > pacote >
make-fetch-happen > https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of @angular/cli [dev]
Path @angular/cli > pacote > make-fetch-happen >
https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of @angular/cli [dev]
Path @angular/cli > @schematics/update > pacote >
npm-registry-fetch > make-fetch-happen > https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of @angular/cli [dev]
Path @angular/cli > pacote > npm-registry-fetch >
make-fetch-happen > https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of protractor [dev]
Path protractor > browserstack > https-proxy-agent
More info https://npmjs.com/advisories/1184
High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of protractor [dev]
Path protractor > saucelabs > https-proxy-agent
More info https://npmjs.com/advisories/1184
Corrige problemas do BUILD e problemas gerais de instalação:
package.json
Em vez de
npm install
apenas executarcmd
ouDockerfile
:fonte
Dê uma olhada neste segmento: Como substituir versões de dependência aninhadas do NPM?
Apenas substitua os pacotes correspondentes pelos listados na auditoria.
fonte