Currently, we are creating a clone application for the Amazon site using Node.js and vue.js.
When npm i mongoose was implemented, the following error message was displayed.
Applicable source code
+ [email protected] removed 36 packages, updated 1 package and audited 924897 packages in 25.49s 10 packages are looking for funding run `npm fund` for details found 1 low severity vulnerability run `npm audit fix` to fix them, or` npm audit` for details
=== npm audit security report === ┌────────────────────────────────────────────────── ─────────────────────────────┐ │ Manual Review │ │ Some vulnerabilities require your attention to resolve │ │ │ │ Visit https://go.npm.me/audit-guide for additional guidance │ └────────────────────────────────────────────────── ─────────────────────────────┘ ┌───────────────┬────────────────────────────────── ─────────────────────────────┐ │ Low │ Denial of Service │ ├───────────────┼────────────────────────────────── ─────────────────────────────┤ │ Package │ mem │ ├───────────────┼────────────────────────────────── ─────────────────────────────┤ │ Patched in │>= 4.0.0 │ ├───────────────┼────────────────────────────────── ─────────────────────────────┤ │ Dependency of │ npm │ ├───────────────┼────────────────────────────────── ─────────────────────────────┤ │ Path │ npm>libnpx>yargs>os-locale>mem │ ├───────────────┼────────────────────────────────── ─────────────────────────────┤ │ More info │ https://npmjs.com/advisories/1084 │ └───────────────┴────────────────────────────────── ─────────────────────────────┘ found 1 low severity vulnerability in 924897 scanned packages 1 vulnerability requires manual review.See the full report for details.
The above information was obtained by entering the command npm audit, npm audit fix. And since denial of service was displayed, it was judged that the service was stopped, and the user entered npm uninstall mem or entered ncu, ncu-u to try to solve the problem, but the problem was not solved.
I also referred to here , but it has not been resolved did. .
Answer # 1
Denial of service is displayed and it is determined that the service has been stopped
This judgment is wrong.
npm auditis a tool for determiningvulnerabilities, so there are also vulnerabilities that are difficult to cause.
npm updatemay fix a new version, but it may not be resolved if you lock into the old version in the library.
In the first place,
npmis not normally executed from outside, so even if there is a DoS vulnerability, the risk of actually affecting it is low. If
npm updatedoes not solve it, you can leave it alone.
- nodejs update error
- mql4 error solution
- nodejs - error when trying to install passport or bleno with npm
- nodejs - when i installed sequelize with yarn, an error was displayed
- nodejs - resolving vulnerabilities detected by npm audit
- php - solution for syntax error, unexpected'class' (t_class), expecting']'
- nodejs - i can't fix the error with npm audit fix help me! !! !! !! !!
- python - i want to know the solution of internal server error
- nodejs - i'm not sure how to read gulp's error message
- about error connecting nodejs application and mysql
- nodejs - error when building with webpack
- php error general error: cause and solution for 2031
- google apps script - solution for error message "parameter () does not match the method signature of spreadsheetappsheetget
- python - please tell me the solution of yolov3 error [filenotfounderror: [errno 2] no such file or directory:'traintxt']
- nodejs - code 401 error in nuxtjs
- i want to remove error checking for specific fields on the cakephp controller side
- python - addition of only a specific part of pandas i get a type error
- nodejs - npm install error
- nodejs - i get an error with npm start
- nodejs - i can't use map with react
- linux - about sudo npm command
- about nodejs version control tool n
- even if nodejs_npm is installed, it will appear as internal/modules/cjs/loaderjs: 797
- nodejs - npm install error in docker
- nodejs - error with npm install socketio
- centos - how to resolve global installation errors of npm and yarn
- nodejs - in express, it becomes `error: failed to lookup view` and cannot be displayed
- nodejs - i want to update the node version of vagrant, but i get "glibc_217, glibc_216, glibc_214 not found" and canno