更新 package.json 中所有 nestjs 依赖项的版本后,无法使用 npm install

【问题标题】:Can't use npm install after I updated the version of all nestjs dependencies in my package.json更新 package.json 中所有 nestjs 依赖项的版本后,无法使用 npm install
【发布时间】:2022-06-20 18:11:28
【问题描述】:

我创建了一个新的 nestjs 项目并安装了几个额外的标准包。控制台说包过时了,有7个红色漏洞。

建议的命令npm audit fix --force 没有帮助 - 之后仍有 4 个红色漏洞。 我找到了一条命令,可以将我的包更新到最新版本:

npm install -g npm-check-updates
ncu -u
npm install

现在我不能使用npm install

npm install
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @nestjs/typeorm@8.0.4
npm ERR! Found: typeorm@0.3.6
npm ERR! node_modules/typeorm
npm ERR!   typeorm@"^0.3.6" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer typeorm@"^0.2.34" from @nestjs/typeorm@8.0.4
npm ERR! node_modules/@nestjs/typeorm
npm ERR!   @nestjs/typeorm@"^8.0.4" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: typeorm@0.2.45
npm ERR! node_modules/typeorm
npm ERR!   peer typeorm@"^0.2.34" from @nestjs/typeorm@8.0.4
npm ERR!   node_modules/@nestjs/typeorm
npm ERR!     @nestjs/typeorm@"^8.0.4" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.

我删除了node_modulespackage-lock.json,然后用npm install --force 强制安装。但我再次收到有关严重漏洞的消息:

npm install --force
npm WARN using --force Recommended protections disabled.
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @nestjs/typeorm@8.0.4
npm WARN Found: typeorm@0.3.6
npm WARN node_modules/typeorm
npm WARN   typeorm@"^0.3.6" from the root project
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer typeorm@"^0.2.34" from @nestjs/typeorm@8.0.4
npm WARN node_modules/@nestjs/typeorm
npm WARN   @nestjs/typeorm@"^8.0.4" from the root project
npm WARN 
npm WARN Conflicting peer dependency: typeorm@0.2.45
npm WARN node_modules/typeorm
npm WARN   peer typeorm@"^0.2.34" from @nestjs/typeorm@8.0.4
npm WARN   node_modules/@nestjs/typeorm
npm WARN     @nestjs/typeorm@"^8.0.4" from the root project

added 823 packages, and audited 824 packages in 29s

84 packages are looking for funding
  run `npm fund` for details

7 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

我在兜圈子,不明白如何解决这个问题。尤其是我需要使用哪个版本没有红色安全问题?

我的package.json 文件现在看起来像这样:

{
  "name": "api",
  "version": "0.0.1",
  "description": "",
  "author": "",
  "private": true,
  "license": "UNLICENSED",
  "scripts": {
    "prebuild": "rimraf dist",
    "build": "nest build",
    "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
    "start": "nest start",
    "start:dev": "nest start --watch",
    "start:debug": "nest start --debug --watch",
    "start:prod": "node dist/main",
    "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
    "test": "jest",
    "test:watch": "jest --watch",
    "test:cov": "jest --coverage",
    "test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
    "test:e2e": "jest --config ./test/jest-e2e.json"
  },
  "dependencies": {
    "@nestjs/common": "^8.4.5",
    "@nestjs/core": "^8.4.5",
    "@nestjs/platform-express": "^8.4.5",
    "@nestjs/typeorm": "^8.0.4",
    "class-transformer": "^0.5.1",
    "class-validator": "^0.13.2",
    "reflect-metadata": "^0.1.13",
    "rimraf": "^3.0.2",
    "rxjs": "^7.5.5",
    "sqlite3": "^5.0.8",
    "typeorm": "^0.3.6"
  },
  "devDependencies": {
    "@nestjs/cli": "^8.2.6",
    "@nestjs/schematics": "^8.0.11",
    "@nestjs/testing": "^8.4.5",
    "@types/express": "^4.17.13",
    "@types/jest": "27.5.1",
    "@types/node": "^17.0.35",
    "@types/supertest": "^2.0.12",
    "@typescript-eslint/eslint-plugin": "^5.26.0",
    "@typescript-eslint/parser": "^5.26.0",
    "eslint": "^8.16.0",
    "eslint-config-prettier": "^8.5.0",
    "eslint-plugin-prettier": "^4.0.0",
    "jest": "^28.1.0",
    "prettier": "^2.6.2",
    "source-map-support": "^0.5.21",
    "supertest": "^6.2.3",
    "ts-jest": "^28.0.3",
    "ts-loader": "^9.3.0",
    "ts-node": "^10.8.0",
    "tsconfig-paths": "^4.0.0",
    "typescript": "^4.7.2"
  },
  "jest": {
    "moduleFileExtensions": [
      "js",
      "json",
      "ts"
    ],
    "rootDir": "src",
    "testRegex": ".*\\.spec\\.ts$",
    "transform": {
      "^.+\\.(t|j)s$": "ts-jest"
    },
    "collectCoverageFrom": [
      "**/*.(t|j)s"
    ],
    "coverageDirectory": "../coverage",
    "testEnvironment": "node"
  }
}

即使我的package.json 文件指定了更新版本“typeorm”:“^0.3. 6”?这也是目前的最新版本。

PS:如果我将 Tyrm 版本改回 0.2.34 或 0.2,我可以再次使用 npm install,但我会收到红色的“7 个高严重性漏洞”消息。

【问题讨论】:

  • 既然你使用的是@nestjs/typeorm 8,你应该使用typeorm@0.2github.com/nestjs/typeorm/pull/1233
  • 然后我再次收到以下红色消息:“7 个高严重性漏洞”。我需要使用 Nestjs 和 TypORM 以及其他软件包的什么版本组合,这样我就不会收到有关严重漏洞的消息?
  • 忽略这些问题有多危险,如果“npm audit fix --force”无法自动修复它们该怎么办?我还不能理解开发人员的代码或自己修复错误,因为我的编程技能还不够。
  • 阅读:npm audit: Broken by Design

标签: npm nestjs npm-install typeorm


【解决方案1】:

您好,我刚刚遇到了一些问题,因为 nest and npm 命令被阻止,因此请尝试按照以下步骤从 Windows PowerShell 允许它here

【讨论】:

  • 嗨,我使用的是 Ubuntu。我可以通过改回 0.2 版来解决问题,但由于安全问题,我仍然收到红色警告。
【解决方案2】:

对我来说同样的问题。使用npm install --legacy-peer-deps 似乎可以解决问题,但漏洞仍然存在。

【讨论】:

    【解决方案3】:

    通过运行此命令更新最新的 npm npm i -g npm@lates

    【讨论】:

      猜你喜欢
      • 2018-11-07
      • 2020-07-28
      • 1970-01-01
      • 2018-03-11
      • 1970-01-01
      • 2019-03-19
      • 2018-05-02
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode