koa2第一天 安装koa2found 1 low severity vulnerability run `npm audit fix` to fix them, or `npm audit` for details

安装全局koa2：npm install -g koa2 -generator

创建一个koa2文件夹：koa2 -e koa2

进入koa2文件夹：cd koa2

安装npm模块：npm install

　　

显示如下结果，可以看到，英文提示有一个漏洞需要修复

：

　C:\Users\Administrator\Desktop\koa2-1-1\koa2>npm install

npm WARN deprecated swig@1.4.2: This package is no longer maintained
npm WARN deprecated ejs@2.3.4: Critical security bugs fixed in 2.5.5

> nodemon@1.18.6 postinstall C:\Users\Administrator\Desktop\koa2-1-1\koa2\node_modules\nodemon
> node bin/postinstall || exit 0

Love nodemon? You can now support the project via the open collective:
 > https://opencollective.com/nodemon/donate

npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.4 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

added 320 packages from 182 contributors and audited 2414 packages in 186.878s
found 1 low severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details

　　

按照代码运行  npm audit fix

显示

C:\Users\Administrator\Desktop\koa2-1-1\koa2>npm audit fix
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.4 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

up to date in 13.094s
fixed 0 of 1 vulnerability in 2414 scanned packages
  1 package update for 1 vuln involved breaking changes
  (use `npm audit fix --force` to install breaking changes; or refer to `npm audit` for steps to fix these manually)

　　

很明显没有解决

接着运行audit fix

显示：

Run  npm install koa-onerror@4.1.0  to resolve 1 vulnerabilitySEMVER WARNING: Recommended action is a potentially breaking change

Low Regular Expression Denial of Service

Package uglify-js

Dependency of koa-onerror

Path koa-onerror > swig > uglify-js

More info https://nodesecurity.io/advisories/48

found 1 low severity vulnerability in 2414 scanned packages

　　运行

npm install koa-onerror@4.1.0
显示

npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.4 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

+ koa-onerror@4.1.0
added 1 package from 1 contributor, removed 15 packages, updated 1 package and audited 2401 packages in 14.254s
found 0 vulnerabilities

　　

ok