create-react-app React Js 的漏洞

每次我创建一个反应应用程序时npx create-react-app <AppName>, I get:

96 vulnerabilities found - Packages audited: 1682
Severity: 65 Moderate | 30 High | 1 Critical
Node Version: v14.18.1
Npm: 7.20.5
React: ^17.0.2

当我使用npm audit fix OR npm audit fix --force，这些是结果：

68 vulnerabilities (21 moderate, 45 high, 2 critical)
47 vulnerabilities (12 low, 18 moderate, 15 high, 2 critical)
58 vulnerabilities (16 moderate, 40 high, 2 critical)
48 vulnerabilities (12 low, 18 moderate, 16 high, 2 critical)
58 vulnerabilities (16 moderate, 40 high, 2 critical)

以下是审核详情：文本文件链接 https://drive.google.com/file/d/1kg_EU57uRJkFRdBOK-8IEugfURUsftlO/view?usp=sharing我做错了什么？

这是一个 NPM 错误。看here https://overreacted.io/npm-audit-broken-by-design/以获得更长的解释。你只需要把react-scripts在这样的开发依赖项中

"dependencies": {
    "react": "^17.0.2",
    "react-dom": "^17.0.2",
   },
  "devDependencies": {
    "react-scripts": "4.0.3"
  },

这个问题已经在 GitHub 上得到解决。https://github.com/facebook/create-react-app/issues/11174 https://github.com/facebook/create-react-app/issues/11174如果您确实想审核使用情况npm audit --production.