webpack、sass-loader、npm audit fix、npm audit fix --force兼容性问题
祁宾白
sass-loader兼容性问题
PS E:\dome\automated-test-platform-vue2> npm install sass@~1.32 sass-loader@10.1.1 deepmerge -D
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: automated-test-platform-vue2@1.0.0
npm ERR! Found: webpack@3.12.0
npm ERR! node_modules/webpack
npm ERR! webpack@"^3.6.0" from the root project
npm ERR! Could not resolve dependency:
npm ERR! peer webpack@"^4.36.0 || ^5.0.0" from sass-loader@10.1.1
npm ERR! node_modules/sass-loader
npm ERR! dev sass-loader@"10.1.1" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See C:\Users\shenyf\AppData\Local\npm-cache\eresolve-report.txt for a full report.
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\shenyf\AppData\Local\npm-cache\_logs\2022-01-12T09_00_24_153Z-debug.log
PS E:\dome\automated-test-platform-vue2> npm install sass@~1.32 sass-loader@9 deepmerge -D
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: automated-test-platform-vue2@1.0.0
npm ERR! Found: webpack@3.12.0
npm ERR! node_modules/webpack
npm ERR! webpack@"^3.6.0" from the root project
npm ERR! Could not resolve dependency:
npm ERR! peer webpack@"^4.36.0 || ^5.0.0" from sass-loader@9.0.3
npm ERR! node_modules/sass-loader
npm ERR! dev sass-loader@"9" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See C:\Users\shenyf\AppData\Local\npm-cache\eresolve-report.txt for a full report.
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\shenyf\AppData\Local\npm-cache\_logs\2022-01-12T09_00_47_449Z-debug.log
PS E:\dome\automated-test-platform-vue2> npm install sass@~1.32 sass-loader@8 deepmerge -D
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: automated-test-platform-vue2@1.0.0
npm ERR! Found: webpack@3.12.0
npm ERR! node_modules/webpack
npm ERR! webpack@"^3.6.0" from the root project
npm ERR! Could not resolve dependency:
npm ERR! peer webpack@"^4.36.0 || ^5.0.0" from sass-loader@8.0.2
npm ERR! node_modules/sass-loader
npm ERR! dev sass-loader@"8" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See C:\Users\shenyf\AppData\Local\npm-cache\eresolve-report.txt for a full report.
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\shenyf\AppData\Local\npm-cache\_logs\2022-01-12T09_01_01_870Z-debug.log
PS E:\dome\automated-test-platform-vue2> npm install sass@~1.32 sass-loader@7 deepmerge -D
added 7 packages, and audited 1274 packages in 36s
63 packages are looking for funding
run `npm fund` for details
86 vulnerabilities (2 low, 69 moderate, 15 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
PS E:\dome\automated-test-platform-vue2>
解决办法:上面包含解决问题的过程,主要是挨个降级安装,直到安装成功,其他兼容性问题,亦可按此方法解决
npm audit fix兼容性问题
PS E:\dome\automated-test-platform-vue2> npm audit fix
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: automated-test-platform-vue2@1.0.0
npm ERR! Found: webpack@5.66.0
npm ERR! node_modules/webpack
npm ERR! webpack@"^5.66.0" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer webpack@"^2.0.0 || ^3.0.0" from uglifyjs-webpack-plugin@1.1.2
npm ERR! node_modules/uglifyjs-webpack-plugin
npm ERR! dev uglifyjs-webpack-plugin@"^1.1.1" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See C:\Users\shenyf\AppData\Local\npm-cache\eresolve-report.txt for a full report.
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\shenyf\AppData\Local\npm-cache\_logs\2022-01-12T09_13_44_800Z-debug.log
PS E:\dome\automated-test-platform-vue2>
解决办法:该降级降级,该升级升级,关键所在就是npm uninstall xxxx然后再执行npm audit fix或npm audit fix --force让程序选择自己想要的版本
PS E:\dome\automated-test-platform-vue2> npm audit fix --force
npm WARN using --force Recommended protections disabled.
[..................] \ : WARN using --force Recommended protections disabled.
npm WARN audit Updating vue-loader to 17.0.0,which is a SemVer major change.
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: friendly-errors-webpack-plugin@1.7.0
npm WARN Found: webpack@5.66.0
npm WARN node_modules/webpack
npm WARN peer webpack@"^5.0.0" from css-loader@6.5.1
npm WARN node_modules/css-loader
npm WARN dev css-loader@"^6.5.1" from the root project
npm WARN 7 more (postcss-loader, terser-webpack-plugin, url-loader, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^2.0.0 || ^3.0.0 || ^4.0.0" from friendly-errors-webpack-plugin@1.7.0
npm WARN node_modules/friendly-errors-webpack-plugin
npm WARN dev friendly-errors-webpack-plugin@"^1.6.1" from the root project
npm WARN
npm WARN Conflicting peer dependency: webpack@4.46.0
npm WARN node_modules/webpack
npm WARN peer webpack@"^2.0.0 || ^3.0.0 || ^4.0.0" from friendly-errors-webpack-plugin@1.7.0
npm WARN node_modules/friendly-errors-webpack-plugin
npm WARN dev friendly-errors-webpack-plugin@"^1.6.1" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: uglifyjs-webpack-plugin@1.3.0
npm WARN Found: webpack@5.66.0
npm WARN node_modules/webpack
npm WARN peer webpack@"^5.0.0" from css-loader@6.5.1
npm WARN node_modules/css-loader
npm WARN dev css-loader@"^6.5.1" from the root project
npm WARN 7 more (postcss-loader, terser-webpack-plugin, url-loader, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^2.0.0 || ^3.0.0 || ^4.0.0" from uglifyjs-webpack-plugin@1.3.0
npm WARN node_modules/uglifyjs-webpack-plugin
npm WARN dev uglifyjs-webpack-plugin@"^1.1.1" from the root project
npm WARN
npm WARN Conflicting peer dependency: webpack@4.46.0
npm WARN node_modules/webpack
npm WARN peer webpack@"^2.0.0 || ^3.0.0 || ^4.0.0" from uglifyjs-webpack-plugin@1.3.0
npm WARN node_modules/uglifyjs-webpack-plugin
npm WARN dev uglifyjs-webpack-plugin@"^1.1.1" from the root project
added 9 packages, removed 11 packages, changed 1 package, and audited 730 packages in 6s
68 packages are looking for funding
run `npm fund` for details
# npm audit report
ansi-regex >2.1.1 <5.0.1
Severity: moderate
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/string-width/node_modules/ansi-regex
strip-ansi 4.0.0 - 5.2.0
Depends on vulnerable versions of ansi-regex
node_modules/string-width/node_modules/strip-ansi
string-width 2.1.0 - 4.1.0
Depends on vulnerable versions of strip-ansi
node_modules/string-width
serialize-javascript <=3.0.0
Severity: high
Insecure serialization leading to RCE in serialize-javascript - https://github.com/advisories/GHSA-hxcc-f52p-wc94
Cross-Site Scripting in serialize-javascript - https://github.com/advisories/GHSA-h9rv-jmmf-4pgx
fix available via `npm audit fix`
node_modules/serialize-javascript
copy-webpack-plugin 4.3.0 - 5.0.4
Depends on vulnerable versions of cacache
Depends on vulnerable versions of serialize-javascript
node_modules/copy-webpack-plugin
uglifyjs-webpack-plugin >=1.1.3
Depends on vulnerable versions of cacache
Depends on vulnerable versions of serialize-javascript
node_modules/uglifyjs-webpack-plugin
ssri 5.2.2 - 6.0.1
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-vx3p-948g-6vhq
fix available via `npm audit fix`
node_modules/ssri
cacache 10.0.4 - 11.0.0
Depends on vulnerable versions of ssri
node_modules/cacache
copy-webpack-plugin 4.3.0 - 5.0.4
Depends on vulnerable versions of cacache
Depends on vulnerable versions of serialize-javascript
node_modules/copy-webpack-plugin
uglifyjs-webpack-plugin >=1.1.3
Depends on vulnerable versions of cacache
Depends on vulnerable versions of serialize-javascript
node_modules/uglifyjs-webpack-plugin
8 vulnerabilities (3 moderate, 5 high)
To address all issues, run:
npm audit fix
PS E:\dome\automated-test-platform-vue2> npm audit fix
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: automated-test-platform-vue2@1.0.0
npm ERR! node_modules/webpack
npm ERR! webpack@"^5.66.0" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer webpack@"^2.0.0 || ^3.0.0" from uglifyjs-webpack-plugin@1.1.2
npm ERR! node_modules/uglifyjs-webpack-plugin
npm ERR! dev uglifyjs-webpack-plugin@"^1.1.1" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\shenyf\AppData\Local\npm-cache\_logs\2022-01-12T09_13_44_800Z-debug.log
PS E:\dome\automated-test-platform-vue2> npm uninstall uglifyjs-webpack-plugin
removed 13 packages, and audited 717 packages in 7s
68 packages are looking for funding
run `npm fund` for details
7 vulnerabilities (3 moderate, 4 high)
To address all issues, run:
npm audit fix
Run `npm audit` for details.
PS E:\dome\automated-test-platform-vue2> npm audit fix
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR!
npm ERR! While resolving: friendly-errors-webpack-plugin@1.7.0
npm ERR! Found: webpack@5.66.0
npm ERR! node_modules/webpack
npm ERR! webpack@"^5.66.0" from the root project
npm ERR! peer webpack@"^5.0.0" from css-loader@6.5.1
npm ERR! node_modules/css-loader
npm ERR! dev css-loader@"^6.5.1" from the root project
npm ERR! 6 more (postcss-loader, terser-webpack-plugin, url-loader, ...)
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer webpack@"^2.0.0 || ^3.0.0 || ^4.0.0" from friendly-errors-webpack-plugin@1.7.0
npm ERR! dev friendly-errors-webpack-plugin@"^1.6.1" from the root project
npm ERR!
npm ERR! Conflicting peer dependency: webpack@4.46.0
npm ERR! node_modules/webpack
npm ERR! peer webpack@"^2.0.0 || ^3.0.0 || ^4.0.0" from friendly-errors-webpack-plugin@1.7.0
npm ERR! node_modules/friendly-errors-webpack-plugin
npm ERR! dev friendly-errors-webpack-plugin@"^1.6.1" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\shenyf\AppData\Local\npm-cache\_logs\2022-01-12T09_15_39_676Z-debug.log
PS E:\dome\automated-test-platform-vue2> npm uninstall friendly-errors-webpack-plugin
removed 10 packages, changed 1 package, and audited 707 packages in 6s
68 packages are looking for funding
run `npm fund` for details
4 high severity vulnerabilities
To address all issues, run:
npm audit fix
Run `npm audit` for details.
PS E:\dome\automated-test-platform-vue2> npm audit fix
up to date, audited 707 packages in 5s
68 packages are looking for funding
run `npm fund` for details
# npm audit report
serialize-javascript <=3.0.0
Severity: high
Insecure serialization leading to RCE in serialize-javascript - https://github.com/advisories/GHSA-hxcc-f52p-wc94
Cross-Site Scripting in serialize-javascript - https://github.com/advisories/GHSA-h9rv-jmmf-4pgx
fix available via `npm audit fix`
node_modules/serialize-javascript
copy-webpack-plugin 4.3.0 - 5.0.4 # 下一步要修复这里
Depends on vulnerable versions of cacache
Depends on vulnerable versions of serialize-javascript
node_modules/copy-webpack-plugin
ssri 5.2.2 - 6.0.1
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-vx3p-948g-6vhq
fix available via `npm audit fix`
node_modules/ssri
cacache 10.0.4 - 11.0.0
Depends on vulnerable versions of ssri
node_modules/cacache
copy-webpack-plugin 4.3.0 - 5.0.4
Depends on vulnerable versions of cacache
Depends on vulnerable versions of serialize-javascript
node_modules/copy-webpack-plugin
4 high severity vulnerabilities
To address all issues, run:
npm audit fix
PS E:\dome\automated-test-platform-vue2> npm install copy-webpack-plugin@4
added 40 packages, and audited 707 packages in 14s
68 packages are looking for funding
run `npm fund` for details
4 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
PS E:\dome\automated-test-platform-vue2> npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating copy-webpack-plugin to 10.2.0,which is a SemVer major change.
added 7 packages, removed 38 packages, changed 7 packages, and audited 676 packages in 18s
72 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
PS E:\dome\automated-test-platform-vue2>
修复完成
类似资料: