Npm vulnerability repair audit what to do after viewing the report?

Today npm hints that two high-risk vulnerabilities have been detected

run npm audit fix to repair. After the repair is completed, it is prompted that a vulnerability cannot be repaired automatically, and manual audit is required

run npm audit to get the following security report:

                       === npm audit security report ===


                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance


  High            Missing Origin Validation

  Package         webpack-dev-server

  Patched in      >=3.1.11

  Dependency of   vue-photo-preview

  Path            vue-photo-preview > webpack-dev-server

  More info       https://nodesecurity.io/advisories/725

found 1 high severity vulnerability in 18322 scanned packages
  1 vulnerability requires manual review. See the full report for details.

is it the problem of webpack-dev-server or vue-photo-preview that I don"t understand?

is there a great god who can answer how to deal with this loophole?

Javascript node.js

Jun.27,2022

clearly indicates that the version of webpack-dev-server that vue-photo-preview depends on is at risk of vulnerabilities. This was fixed after webpack-dev-server@3.1.11. But vue-photo-preview actually only depends on photoswipe, and the other 15 dependencies should be Dev Dependencies. It is recommended that you do not use vue-photo-preview as a library, just use photoswipe.

webpack-dev-server that vue-photo-preview depends on, you can try to upgrade it.

Previous: Different solutions for copywriting of the values of the same field in the back-end table on different front-end pages

Next: The weird error of python list generation

On the progress progress of uploading files by xhr
In the scenario, the front end uploads the file to node api,api through xhr and calls the upload method put of Aliyun oss sdk (or multipart), Aliyun is responsible for uploading the file to oss.. Well, the problem is that when the front end monitors the...

Javascript node.js

Feb.26,2021
How to puppetter automatically, download the exe file and save it
through the goto to the download link, the exe file will be displayed, saved or discarded when the download is complete. how do I write code to save it automatically? ...

Javascript node.js

Feb.27,2021
How does casper get the internal value of the json array?
it feels like you can t manipulate json,. At most, it s an array. ...

Json javascript node.js

Feb.27,2021
How to format nunjucks template files in vscode?
after installing the extension of nunjucks, when you open the template file of nunjucks, you will be prompted that there is no formatter for the nunjucks file when you format the file. how to format the template file of nunjucks? ...

Visual-studio-code express javascript node.js

Feb.27,2021
Please v-for n child components in the parent component. The parent component can only receive the value passed by the first child component.
ask: v-for n child components in the parent component, and there is a value in the child component. Pass the value value $emit to the parent component. Why can the parent component only receive the value of the first child component, and why can t the...

Javascript node.js vue.js

Feb.27,2021
Why can vue-router not be put into production environment?
shouldn t vue use vue-router? Why can it only be put into devDependencies (development dependency)? ...

Css html5 html javascript node.js

Feb.27,2021
How to return qualified elements in an array
for example, [ "1 ", "] I want to get the element in the array that is not ", that is, the return result is " 1 "....

Javascript node.js

Feb.27,2021
Is the middleware Synchronize in the koa2 framework or asynchronous?
question 1: why is the middleware in the koa2 framework written in the form of async, rarely in Synchronize mode (that is, without async)? For example, app.use(async (ctx, next) => { const start = new Date() await next() const ms = new Date() ...

Javascript node.js koa2 middleware asynchronous

Feb.27,2021
What if the data get of the node.js crawler is a template string similar to ejs?
A project of practicing hands. I want to climb the singer information on NetEase Cloud code is similar to . const request = require( superagent ); const cheerio = require( cheerio ); request .get( http: music.163.com -sharp discover artist ca...

Cheerio web-crawler javascript node.js

Feb.28,2021
Is there a framework similar to hibernate,mongoose for node.js to mysql?
recently, when I was writing a node project, I found that it was troublesome to write a bunch of sql statements when connecting to mysql with node.js. I went to npm s official website to search for nothing, so I would like to ask if there is a similar f...

Mysql javascript node.js

Feb.28,2021
How does ant design customize form validation?
how does react ant use custom form validation? 1. Code const Login = ( { loading, dispatch, form: { getFieldDecorator, validateFieldsAndScroll }, } ) => { function handleOk() { validateFieldsAndScroll((error...

Javascript node.js react.js dva.js antdesign

Feb.28,2021
Null problem of HTML img
Let the boss take a look. What I want to ask is, can I set the default style of the damaged image when img is empty? ...

Javascript node.js css html5

Feb.28,2021
Vue axios request to automatically bring the current domain name?
ask for answers from all kinds of gods ...

Javascript node.js vue.js axios

Mar.01,2021
After the ant-design-pro project npm run build, the browser opens and reports an error.
simply write a project with ant-design-pro, and write a server.js and npm run build packaged file in the root directory with the built-in mock API,. The dist directory is as follows: server.js: server.js302Cannot read property notifyCount of unde...

Javascript node.js react.js dva.js

Mar.01,2021
There is no error in installing node, under linux, but it still prompts that it is not installed.
the program node is currently not installed? here are the installation steps: enter the command: wget https: npm.taobao.org mirror. xz-d node-v8.9.3-linux-x64.tar.xz or tar-xzvf node-v8.9.3-linux-x64.tar.gz tar-xvf node-v8.9.3-linux-x64.tar ...

Javascript node.js

Mar.01,2021
How to solve the problem of npm link error?
npm link npm WARN app@1.0.0 No repository field. up to date in 0.724s npm ERR! path C: Users Cooper AppData Roaming npm node_modules app app npm ERR! code ENOENT npm ERR! errno -4058 npm ERR! syscall chmod npm ERR! enoent ENOENT: no such file o...

Javascript node.js npm

Mar.01,2021
The problem of the combination of nodejs and ejs
the problem is this: when the foreground wants to modify, click modify, and then the background gives out the mod_data and then you can modify it. I know that the problem is probably the problem here with default. The first time I clicked on the banne...

Ejs javascript node.js

Mar.01,2021
Npm install reported an error
prompt for an error when running npm install module.js:549 throw err; ^ Error: Cannot find module update-notifier at Function.Module._resolveFilename (module.js:547:15) at Function.Module._load (module.js:474:25) at Module.requ...

Javascript node.js

Mar.01,2021
Weex development environment installation failed
error installing Times $ yarn global add weex-toolkit yarn global v1.2.1 [1 4] Resolving packages... warning weex-toolkit > weex-builder > babel-preset-es2015@6.24.1: ? Thanks f or using Babel: we recommend using babel-preset-env now: please rea...

Javascript node.js weex

Mar.02,2021
Are middleware in nodejs the same thing as filters in Java?
Today, when you look at the content of the node middleware section, it feels a lot like a filter, so is the so-called middleware another name for a filter? ...

Javascript node.js

Mar.02,2021