如何修复这些漏洞？（npm audit fix 无法修复这些漏洞）答案

【问题标题】：How to fix these vulnerabilities? (npm audit fix fails to fix these vulnerabilities)如何修复这些漏洞？（npm audit fix 无法修复这些漏洞）
【发布时间】：2026-01-30 05:25:02
【问题描述】：

我的项目有 6 个高度严重的漏洞，我不知道如何修复它们。 npm 审计修复失败。请帮我解决这个问题。

我正在将https://www.npmjs.com/package/toastr 安装到我的项目中，并且在安装后显示了漏洞。不知道有没有关系。 === npm 审计安全报告 ===

                             Manual Review                                  
         Some vulnerabilities require your attention to resolve             

      Visit https://go.npm.me/audit-guide for additional guidance           


High            Machine-In-The-Middle                                         

Package         https-proxy-agent                                             

Patched in      >=3.0.0                                                       

Dependency of   @angular/cli [dev]                                            

Path            @angular/cli > @schematics/update > pacote >                  
                make-fetch-happen > https-proxy-agent                         

More info       https://npmjs.com/advisories/1184

High            Machine-In-The-Middle                                         

Package         https-proxy-agent                                             

Patched in      >=3.0.0                                                       

Dependency of   @angular/cli [dev]                                            

Path            @angular/cli > pacote > make-fetch-happen >                   
                https-proxy-agent                                             

More info       https://npmjs.com/advisories/1184

High            Machine-In-The-Middle                                         

Package         https-proxy-agent                                             

Patched in      >=3.0.0                                                       

Dependency of   @angular/cli [dev]                                            

Path            @angular/cli > @schematics/update > pacote >                  
                npm-registry-fetch > make-fetch-happen > https-proxy-agent    

More info       https://npmjs.com/advisories/1184

High            Machine-In-The-Middle                                         

Package         https-proxy-agent                                             

Patched in      >=3.0.0                                                       

Dependency of   @angular/cli [dev]                                            

Path            @angular/cli > pacote > npm-registry-fetch >                  
                make-fetch-happen > https-proxy-agent                         

More info       https://npmjs.com/advisories/1184

High            Machine-In-The-Middle                                         

Package         https-proxy-agent                                             

Patched in      >=3.0.0                                                       

Dependency of   protractor [dev]                                              

Path            protractor > browserstack > https-proxy-agent                 

More info       https://npmjs.com/advisories/1184

High            Machine-In-The-Middle                                         

Package         https-proxy-agent                                             

Patched in      >=3.0.0                                                       

Dependency of   protractor [dev]                                              

Path            protractor > saucelabs > https-proxy-agent                    

More info       https://npmjs.com/advisories/1184

【问题讨论】：

标签： angular npm

【解决方案1】：

1) npm i --save-dev npm-force-resolutions

2) 将此添加到您的 package.json 中

“决议”：{ “https-proxy-agent”：“^3.0.0” }

3) 让 npm-force-resolutions 做这件事

rm -r node_modules
npx npm-force-resolutions
npm install

4) 重新运行您的审计 npm 审计。

字体：https://github.com/TooTallNate/node-https-proxy-agent/issues/84#issuecomment-543884972

【讨论】：

此解决方案仅在一段时间内有效，并且再次出现相同的问题
@user11135351 见*.com/questions/64605805/…。

【解决方案2】：

修复BUILD问题和一般安装问题：

package.json

{
  ...
  "scripts": {
     "resolve-install": "npx npm-force-resolutions && npm install"
  },
  "resolutions": {
    "https-proxy-agent": "^3.0.0"
  }
}

然后在cmd 或Dockerfile 中运行而不是npm install：

npm run resolve-install

【讨论】：

【解决方案3】：

看看这个帖子：How do I override nested NPM dependency versions?

只需将相应的包替换为审核中列出的包即可。

【讨论】：