【Question title】: Node module's dependencies will not update after update or install?
【Posted】: 2022-02-15 12:16:24
【Question】:

I want to use react-highcharts in my application. I ran npm install react-highcharts, which succeeded, with a warning:

found 1 high severity vulnerability, run `npm audit fix` to fix them, or `npm audit` for details.

npm audit fix did nothing; it said I have to resolve this manually. I ran npm audit to see what was going on, and got

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Cross-Site Scripting                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ highcharts                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=7.2.2 <8.0.0 || >=8.1.1                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-highcharts                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ react-highcharts > highcharts                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1227                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 high severity vulnerability in 994 scanned packages
  1 vulnerability requires manual review. See the full report for details.

The "More info" link and the "Patched in" row indicate that this has been fixed in highcharts >=8.1.1. The latest version is highcharts@9.0.0, so I decided to update it:

❯ npm update highcharts -dd
npm info it worked if it ends with ok
npm verb cli [
npm verb cli   '/usr/local/bin/node',
npm verb cli   '/usr/local/bin/npm',
npm verb cli   'update',
npm verb cli   'highcharts',
npm verb cli   '-dd'
npm verb cli ]
npm info using npm@6.14.10
npm info using node@v14.15.4
npm verb npm-session 0b92b8dc64938cea
npm verb update computing outdated modules to update
npm verb exit [ 0, true ]
npm timing npm Completed in 1507ms
npm info ok

"It worked if it ends with ok," but look:

❯ npm list highcharts
myproj@1.0.0 /Users/actinidia/myproj
└─┬ react-highcharts@16.1.0
  └── highcharts@6.2.0

I still have highcharts@6.2.0! And running npm install highcharts only results in a second copy of highcharts, although the new one is indeed version 9.0.0:

├── highcharts@9.0.0
└─┬ react-highcharts@16.1.0
  └── highcharts@6.2.0

How do I update the dependency that react-highcharts will use?

【Question discussion】:

Tags: node.js npm highcharts


【Solution 1】:

You should first uninstall highcharts and then reinstall it.

npm uninstall react-highcharts
npm install react-highcharts

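【Discussion】:

  • This produces two copies of highcharts (9.0.0 and 6.2.0); see the bottom of my post for what I mean.
  • Then you should modify the package.json file, not use highcharts, and run npm install with the force command.
【Solution 2】: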

I followed ppotaczek's advice and installed the officially supported Highcharts wrapper. It was as simple as

❯ npm install highcharts-react-official
npm WARN highcharts-react-official@3.0.0 requires a peer of highcharts@>=6.0.0
but none is installed. You must install peer dependencies yourself.

+ highcharts-react-official@3.0.0
added 1 package and audited 992 packages in 4.48s

❯ npm install highcharts
+ highcharts@9.0.0
added 1 package from 1 contributor and audited 993 packages in 4.978s

【Discussion】:

【Solution 3】:

Delete the installed node_modules and package-lock.json

Modify package.json as follows

npm audit fix --force

npm install


【Discussion】:
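
To check the result of any of the approaches above, the following added example (not from the original posts) walks a tree shaped like `npm ls --json` output and marks each installed copy of highcharts against the "Patched in" range from the audit report. The function names and the minimal range parser are assumptions for illustration; pre-release versions are not handled.

```javascript
// Added example: flag each installed copy of a package outside an advisory's patched range.
const PATCHED = '>=7.2.2 <8.0.0 || >=8.1.1'; // "Patched in" row of the audit report

// Parse "x.y.z" into numbers (pre-release tags are not handled here).
const parse = (v) => v.split('.').map(Number);

// Compare two versions: negative, zero or positive, like a sort comparator.
function cmp(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Evaluate a range made of "||"-separated groups of comparators (>=, >, <=, <, =).
function satisfies(version, range) {
  return range.split('||').some((group) =>
    group.trim().split(/\s+/).every((c) => {
      const [, op, v] = c.match(/^(>=|<=|>|<|=)?(\d+\.\d+\.\d+)$/);
      const d = cmp(version, v);
      return { '>=': d >= 0, '<=': d <= 0, '>': d > 0, '<': d < 0 }[op] ?? d === 0;
    }));
}

// Walk the dependency tree and report every copy of `name` with its path.
function findCopies(node, name, range, path = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = [...path, `${dep}@${info.version}`];
    if (dep === name) hits.push({ path: here.join(' > '), patched: satisfies(info.version, range) });
    hits.push(...findCopies(info, name, range, here)); // nested copies count too
  }
  return hits;
}

// Constructed sample mirroring the `npm list highcharts` output in the question.
const tree = {
  name: 'myproj', version: '1.0.0',
  dependencies: {
    highcharts: { version: '9.0.0' },
    'react-highcharts': { version: '16.1.0', dependencies: { highcharts: { version: '6.2.0' } } },
  },
};

for (const c of findCopies(tree, 'highcharts', PATCHED)) {
  console.log(`${c.patched ? 'ok        ' : 'VULNERABLE'} ${c.path}`);
}
```

A top-level highcharts@9.0.0 does not clear the finding while the nested 6.2.0 copy is still present, which is why the audit keeps reporting it.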
