Can security vulnerabilities for testing dependencies threaten my app in production?

Question

I'm working on a React application. Running npm audit revealed the app has quite a few high-level security vulnerabilities. Most of them are coming from jest, a testing framework for React. We'll need to upgrade the package by a few major versions to resolve the vulnerabilities.

I don't know how pressing it is to resolve these vulnerabilities. If jest is a testing framework, could it expose my app to threats in production? Can vulnerabilities in testing dependencies threaten my app in production?

Any advice would be appreciated! Thank you!
Answer 1
Score: 0

If you don't deploy the testing code/framework in production, you are fine.
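The answer hinges on one check: is the flagged package reachable from the project's production dependencies, or only from devDependencies? npm can answer that directly (npm audit --omit=dev on npm 8 and later, npm audit --production on older npm), and the script below, an added example that is not part of the original question or answer, shows what that check does under the hood. It walks a lockfileVersion 2/3 "packages" map from the root's dependencies (skipping devDependencies), resolving nested node_modules the way npm does, and reports for each flagged name whether a copy ships to production and at which version. The lockfile, the package names other than react and jest, and every version number are constructed sample data.

```javascript
// Added example, not code from the original post. Constructed lockfile excerpt:
// "some-widget", "example-escaper" and "jest-util-example" are made-up packages,
// and all version numbers are invented.
const sampleLock = {
  name: "my-react-app",
  lockfileVersion: 3,
  packages: {
    "": {
      dependencies: { react: "^18.0.0", "some-widget": "^1.0.0" },
      devDependencies: { jest: "^26.0.0" },
    },
    "node_modules/react": { version: "18.2.0" },
    "node_modules/some-widget": { version: "1.0.0", dependencies: { "example-escaper": "^2.0.0" } },
    "node_modules/example-escaper": { version: "2.0.0" },
    "node_modules/jest": {
      version: "26.6.3",
      dev: true,
      dependencies: { "jest-util-example": "^1.0.0", "example-escaper": "^1.0.0" },
    },
    // Nested copy: jest wants an older major, so npm placed it under jest's own node_modules.
    "node_modules/jest/node_modules/example-escaper": { version: "1.0.0", dev: true },
    "node_modules/jest-util-example": { version: "1.0.0", dev: true },
  },
};

// Resolve `depName` from the package at `fromPath`: nearest nested copy first, then ancestors.
function resolve(lock, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = base ? `${base}/node_modules/${depName}` : `node_modules/${depName}`;
    if (lock.packages[candidate]) return candidate;
    if (base === "") return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Every lockfile path reachable from the root's dependencies (and optionalDependencies).
// The root's devDependencies are deliberately not followed: they are not installed in production.
function productionClosure(lock) {
  const reachable = new Set();
  const stack = [""];
  while (stack.length) {
    const path = stack.pop();
    const pkg = lock.packages[path];
    if (!pkg) continue;
    const deps = { ...(pkg.dependencies || {}), ...(pkg.optionalDependencies || {}) };
    for (const name of Object.keys(deps)) {
      const target = resolve(lock, path, name);
      if (target && !reachable.has(target)) {
        reachable.add(target);
        stack.push(target);
      }
    }
  }
  return reachable;
}

// Package name of a lockfile path: "node_modules/a/node_modules/@s/b" -> "@s/b".
function nameOf(lockPath) {
  const i = lockPath.lastIndexOf("node_modules/");
  return lockPath.slice(i + "node_modules/".length);
}

// All production-reachable copies of a package, with their paths and versions,
// so a finding can be compared against the advisory's affected version range.
function productionCopies(lock, packageName) {
  return [...productionClosure(lock)]
    .filter((p) => nameOf(p) === packageName)
    .map((p) => ({ path: p, version: lock.packages[p].version }));
}

// Split flagged package names into those that ship and those that exist only in dev.
function classifyFindings(lock, flagged) {
  const production = {};
  const devOnly = [];
  for (const name of flagged) {
    const copies = productionCopies(lock, name);
    if (copies.length) production[name] = copies;
    else devOnly.push(name);
  }
  return { production, devOnly };
}

// Constructed list of names, as if `npm audit` had flagged them.
const report = classifyFindings(sampleLock, ["jest", "jest-util-example", "example-escaper"]);
console.log("ships to production:", JSON.stringify(report.production));
console.log("dev-only:", report.devOnly.join(", "));
```

On the sample data, jest and jest-util-example come out as dev-only, while example-escaper is reported as shipping at version 2.0.0 even though jest also pulls a nested 1.0.0 copy; that is why the check works per path and version rather than per name. Dev-only findings still execute on developer machines and CI runners, so they are worth scheduling, but they do not change the risk of the deployed application.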