security-scan

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Security Scan

安全扫描

Resolve npm dependency vulnerabilities detected by Snyk.io security scans.

修复由Snyk.io安全扫描检测到的npm依赖漏洞。

Activation Conditions

触发条件

User shares Snyk vulnerability reports
Mentions CVEs/CWEs
Asks to fix security issues in npm dependencies

用户分享Snyk漏洞报告
提及CVE/CWE漏洞编号
请求修复npm依赖中的安全问题

Quick Reference

快速参考

Action	Rule
Fix direct deps	`vuln-direct-deps.md`
Fix transitive deps	`vuln-transitive-deps.md`

操作	规则文档
修复直接依赖	`vuln-direct-deps.md`
修复间接依赖	`vuln-transitive-deps.md`

Workflow

工作流程

1. Assess

1. 评估

Parse vulnerability report: package, version, CVE/CWE, severity, fixed version
Categorize as direct (in package.json) or transitive (pulled in by another package)

解析漏洞报告：包名、版本、CVE/CWE编号、严重程度、修复版本
分类为直接依赖（在package.json中声明）或间接依赖（由其他包引入）

2. Explore

2. 调研

Check
```
package.json
```
for current versions and existing overrides
Check lockfile for actual resolved versions
Search source code for direct usage of vulnerable package
Check npm registry for available fixed versions:
```
npm view <package> versions --json
```

检查
```
package.json
```
中的当前版本和已存在的覆盖配置
查看锁文件中的实际解析版本
搜索源代码中是否直接使用了存在漏洞的包
检查npm registry获取可用的修复版本：
```
npm view <package> versions --json
```

3. Fix

3. 修复

See rules for specific fix patterns.

查看具体修复模式的规则文档。

4. Verify

4. 验证

bash

bun i --yarn
bun run type:check
bun run lint
bun run build
bun run test

All must pass.

bash

bun i --yarn
bun run type:check
bun run lint
bun run build
bun run test

所有命令必须执行通过。

Tips

提示

Use exact versions for security fixes (no
```
^
```
prefix)
Fix Critical/High severity first
Replace unmaintained packages rather than patching
Document workarounds with comments explaining why

安全修复使用精确版本（不要加
```
^
```
前缀）
优先修复严重/高危漏洞
替换无人维护的包而非打补丁
记录临时解决方案并添加注释说明原因

Rules

规则

See

rules/

directory for detailed guidance.

查看

rules/

目录获取详细指导。