I am using xlsx in js code. It's been working great since last year. Today I started having issues and the build failed. because:
$ yarn audit: yarn audit v1.22.19 ┌───────────────────────────────────────────────────────────────────────────── │ moderate: Prototype Pollution in sheetJS ├───────────────────────────────────────────────────────────────────────────── │ Package: xlsx ├───────────────────────────────────────────────────────────────────────────── │ Patched in: >=0.19.3 ├───────────────────────────────────────────────────────────────────────────── │ Dependency of: xlsx ├───────────────────────────────────────────────────────────────────────────── │ Path: xlsx ├───────────────────────────────────────────────────────────────────────────── │ More info: https://www.npmjs.com/advisories/1091817 └─────────────────────────────────────────────────────────────────────────────
Obviously the solution is to upgrade to version 0.19.3 or higher, but the latest version is 0.18.5 as: https://www.npmjs.com/package/xlsx?activeTab=readme.
Is there any way to solve this problem?
P粉7859057972024-01-22 14:47:51
As stated in the README, this project is no longer maintained on GitHub and is no longer published to npm. Try installing from the following link: https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz. Add the following to your package.json file:
"xlsx": "https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz"