基础信息
项目名称:edusperoni/nativescript-ripple
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721158629591089152/1727892561208496128
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Yargs Y18n 输入原型污染漏洞 | 动态确定对象属性修改的控制不恰当 | MPS-2020-17543 | CVE-2020-7774 | 严重 |
| minimist 原型污染漏洞 | 原型污染 | MPS-2020-3516 | CVE-2020-7598 | 中危 |
| Sindre Sorhus is-svg 拒绝服务漏洞 | 拒绝服务 | MPS-2021-3031 | CVE-2021-28092 | 高危 |
| nth-check 正则表达式拒绝服务漏洞 | ReDoS | MPS-2021-31847 | CVE-2021-3803 | 高危 |
| inflect 正则表达式拒绝服务漏洞 | ReDoS | MPS-2021-32311 | CVE-2021-3820 | 高危 |
| Ruy Adorno hosted-git-info 正则表达式拒绝服务漏洞 | 拒绝服务 | MPS-2021-3400 | CVE-2021-23362 | 中危 |
| minimist 安全漏洞 | 原型污染 | MPS-2021-38405 | CVE-2021-44906 | 严重 |
| Andrey Sitnik postcss 拒绝服务漏洞 | 拒绝服务 | MPS-2021-4549 | CVE-2021-23368 | 中危 |
| postcss 存在正则表达式拒绝服务漏洞 | 拒绝服务 | MPS-2021-5409 | CVE-2021-23382 | 中危 |
| browserslist 存在正则表达式拒绝服务漏洞 | 拒绝服务 | MPS-2021-5473 | CVE-2021-23364 | 中危 |
| npm path-parse 安全漏洞 | 拒绝服务 | MPS-2021-6165 | CVE-2021-23343 | 高危 |
| glob-parent | 拒绝服务 | MPS-2021-7827 | CVE-2020-28469 | 高危 |
| Color-String | 拒绝服务 | MPS-2021-8683 | CVE-2021-29060 | 中危 |
| is-svg 存在正则表达式拒绝服务漏洞 | 拒绝服务 | MPS-2021-8684 | CVE-2021-29059 | 高危 |
| Angular 跨站脚本漏洞 | XSS | MPS-2022-12764 | CVE-2021-4231 | 中危 |
| @angular/core 存在跨站脚本漏洞 | XSS | MPS-2022-13545 | 低危 | |
| terser 安全漏洞 | ReDoS | MPS-2022-5145 | CVE-2022-25858 | 高危 |
| node-semver 安全漏洞 | ReDoS | MPS-2022-5166 | CVE-2022-25883 | 高危 |
| decode-uri-component | 拒绝服务 | MPS-2022-56259 | CVE-2022-38900 | 高危 |
| minimatch 资源管理错误漏洞 | 拒绝服务 | MPS-2022-59845 | CVE-2022-3517 | 高危 |
| PostCSS 安全漏洞 | 注入 | MPS-y3tx-jzms | CVE-2023-44270 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| nth-check | 1.0.2 | 2.0.1 | 间接依赖 | 建议修复 |
| y18n | 4.0.0 | 4.0.1 | 间接依赖 | 建议修复 |
| path-parse | 1.0.6 | 1.0.7 | 间接依赖 | 建议修复 |
| glob-parent | 5.1.1 | 5.1.2 | 间接依赖 | 建议修复 |
| terser | 5.3.2 | 5.14.2 | 间接依赖 | 建议修复 |
| is-svg | 3.0.0 | 4.3.0 | 间接依赖 | 建议修复 |
| decode-uri-component | 0.2.0 | 0.2.1 | 间接依赖 | 建议修复 |
| i | 0.3.6 | 0.3.7 | 间接依赖 | 建议修复 |
| minimist | 0.0.8 | 1.2.6 | 间接依赖 | 建议修复 |
| minimatch | 3.0.4 | 3.0.5 | 间接依赖 | 建议修复 |
| browserslist | 4.14.5 | 4.16.5 | 间接依赖 | 可选修复 |
| hosted-git-info | 2.8.8 | 2.8.9 | 间接依赖 | 可选修复 |
| postcss | 7.0.34 | 8.4.31 | 间接依赖 | 可选修复 |
| color-string | 1.5.3 | 1.5.5 | 间接依赖 | 可选修复 |
| @angular/core | 10.0.12 | 11.0.5 | 直接依赖 | 可选修复 |
| semver | 5.5.0 | 7.5.2 | 间接依赖 | 可选修复 |
| tslib | 1.9.1 | 间接依赖 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| MIT | 231 | 低 |
| BSD-2-Clause | 8 | 低 |
| CC-BY-4.0 | 1 | 低 |
| BSD-3-Clause | 3 | 低 |
| ISC | 27 | 低 |
| Apache-2.0 | 14 | 低 |
| Apache 2.0 | 1 | 低 |
| 自定义许可证 | 2 | 低 |
| CC0-1.0 | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| p-locate | 4.1.0 | 间接依赖 | npm |
| colors | 1.3.0 | 间接依赖 | npm |
| css-select | 2.1.0 | 间接依赖 | npm |
| postcss | 7.0.34 | 间接依赖 | npm |
| postcss-normalize-url | 4.0.1 | 间接依赖 | npm |
| decamelize | 1.2.0 | 间接依赖 | npm |
| xxhashjs | 0.2.2 | 间接依赖 | npm |
| path-exists | 4.0.0 | 间接依赖 | npm |
| cssnano-util-raw-cache | 4.0.1 | 间接依赖 | npm |
| decode-uri-component | 0.2.0 | 间接依赖 | npm |
| postcss-normalize-repeat-style | 4.0.2 | 间接依赖 | npm |
| css-parse | 2.0.0 | 间接依赖 | npm |
| @types/node | 14.11.2 | 间接依赖 | npm |
| caniuse-lite | 1.0.30001137 | 间接依赖 | npm |
| canonical-path | 1.0.0 | 间接依赖 | npm |
| cssesc | 3.0.0 | 间接依赖 | npm |
| find-parent-dir | 0.3.0 | 间接依赖 | npm |
| winston | 2.1.1 | 间接依赖 | npm |
| diff | 4.0.2 | 间接依赖 | npm |
| urix | 0.1.0 | 间接依赖 | npm |
| locate-path | 5.0.0 | 间接依赖 | npm |
| uniq | 1.0.1 | 间接依赖 | npm |
| require-directory | 2.1.1 | 间接依赖 | npm |
| fs.realpath | 1.0.0 | 间接依赖 | npm |
| atob | 2.1.2 | 间接依赖 | npm |
| is-obj | 2.0.0 | 间接依赖 | npm |
| css-select-base-adapter | 0.1.1 | 间接依赖 | npm |
| string-width | 4.2.0 | 间接依赖 | npm |
| tslint | 6.1.3 | 直接依赖 | npm |
| mute-stream | 0.0.7 | 间接依赖 | npm |
| readable-stream | 1.0.34 | 间接依赖 | npm |
| zone.js | 0.11.1 | 直接依赖 | npm |
| boolbase | 1.0.0 | 间接依赖 | npm |
| is-glob | 4.0.1 | 间接依赖 | npm |
| async | 0.9.2 | 间接依赖 | npm |
| postcss-svgo | 4.0.2 | 间接依赖 | npm |
| function-bind | 1.1.1 | 间接依赖 | npm |
| inherits | 2.0.3 | 间接依赖 | npm |
| wrap-ansi | 6.2.0 | 间接依赖 | npm |
| caniuse-api | 3.0.0 | 间接依赖 | npm |
| @nativescript/zone-js | 1.0.1 | 间接依赖 | npm |
| braces | 3.0.2 | 间接依赖 | npm |
| concat-map | 0.0.1 | 间接依赖 | npm |
| has-symbols | 1.0.1 | 间接依赖 | npm |
| type-fest | 0.6.0 | 间接依赖 | npm |
| sourcemap-codec | 1.4.8 | 间接依赖 | npm |
| prr | 1.0.1 | 间接依赖 | npm |
| @babel/code-frame | 7.10.4 | 间接依赖 | npm |
| ansi-colors | 4.1.1 | 间接依赖 | npm |
| i | 0.3.6 | 间接依赖 | npm |
| process-nextick-args | 2.0.1 | 直接依赖 | npm |
| is-arrayish | 0.3.2 | 间接依赖 | npm |
| path-is-absolute | 1.0.1 | 间接依赖 | npm |
| hosted-git-info | 2.8.8 | 间接依赖 | npm |
| universalify | 0.1.2 | 间接依赖 | npm |
| stylus | 0.54.8 | 间接依赖 | npm |
| to-regex-range | 5.0.1 | 间接依赖 | npm |
| fill-range | 7.0.1 | 间接依赖 | npm |
| es-abstract | 1.17.6 | 间接依赖 | npm |
| p-limit | 2.3.0 | 间接依赖 | npm |
| css-declaration-sorter | 4.0.1 | 间接依赖 | npm |
| through2 | 2.0.5 | 间接依赖 | npm |
| estree-walker | 2.0.1 | 间接依赖 | npm |
| @types/normalize-package-data | 2.4.0 | 间接依赖 | npm |
| path-parse | 1.0.6 | 间接依赖 | npm |
| commondir | 1.0.1 | 间接依赖 | npm |
| has | 1.0.3 | 间接依赖 | npm |
| stable | 0.1.8 | 间接依赖 | npm |
| emoji-regex | 8.0.0 | 间接依赖 | npm |
| indexes-of | 1.0.1 | 间接依赖 | npm |
| postcss-discard-overridden | 4.0.1 | 间接依赖 | npm |
| set-blocking | 2.0.0 | 间接依赖 | npm |
| resolve | 1.17.0 | 间接依赖 | npm |
| postcss-ordered-values | 4.1.2 | 间接依赖 | npm |
| @angular/animations | 10.0.14 | 直接依赖 | npm |
| is-reference | 1.2.1 | 间接依赖 | npm |
| magic-string | 0.25.7 | 间接依赖 | npm |
| validate-npm-package-license | 3.0.4 | 间接依赖 | npm |
| isarray | 0.0.1 | 间接依赖 | npm |
| require-main-filename | 2.0.0 | 间接依赖 | npm |
| @rollup/plugin-json | 4.1.0 | 间接依赖 | npm |
| inflight | 1.0.6 | 间接依赖 | npm |
| define-properties | 1.1.3 | 间接依赖 | npm |
| normalize-path | 3.0.0 | 间接依赖 | npm |
| sass | 1.26.11 | 间接依赖 | npm |
| y18n | 4.0.0 | 间接依赖 | npm |
| spdx-correct | 3.1.1 | 间接依赖 | npm |
| readdirp | 3.4.0 | 间接依赖 | npm |
| util-deprecate | 1.0.2 | 间接依赖 | npm |
| @angular/forms | 10.0.12 | 直接依赖 | npm |
| string_decoder | 0.10.31 | 间接依赖 | npm |
| has-flag | 3.0.0 | 直接依赖 | npm |
| cuint | 0.2.2 | 间接依赖 | npm |
| errno | 0.1.7 | 间接依赖 | npm |
| graceful-fs | 4.2.4 | 间接依赖 | npm |
| read-pkg-up | 5.0.0 | 间接依赖 | npm |
| source-map-resolve | 0.6.0 | 间接依赖 | npm |
| chokidar | 3.4.2 | 间接依赖 | npm |
| util.promisify | 1.0.1 | 间接依赖 | npm |
| revalidator | 0.1.8 | 间接依赖 | npm |
| @angular/compiler-cli | 10.0.12 | 直接依赖 | npm |
| tslib | 1.9.1 | 间接依赖 | npm |
| color | 3.1.2 | 间接依赖 | npm |
| css-what | 3.3.0 | 间接依赖 | npm |
| rimraf | 2.6.2 | 间接依赖 | npm |
| @angular/common | 10.0.12 | 直接依赖 | npm |
| css | 2.2.4 | 间接依赖 | npm |
| hsla-regex | 1.0.0 | 间接依赖 | npm |
| source-map-support | 0.5.19 | 间接依赖 | npm |
| parse-json | 5.1.0 | 间接依赖 | npm |
| electron-to-chromium | 1.3.573 | 间接依赖 | npm |
| native-request | 1.0.7 | 间接依赖 | npm |
| @angular/router | 10.0.12 | 直接依赖 | npm |
| coa | 2.0.2 | 间接依赖 | npm |
| less | 3.12.2 | 间接依赖 | npm |
| fast-json-stable-stringify | 2.1.0 | 间接依赖 | npm |
| node-sass-tilde-importer | 1.0.2 | 间接依赖 | npm |
| postcss-merge-longhand | 4.0.11 | 间接依赖 | npm |
| color-convert | 1.9.1 | 间接依赖 | npm |
| terser | 5.3.2 | 间接依赖 | npm |
| postcss-normalize-positions | 4.0.2 | 间接依赖 | npm |
| color-name | 1.1.3 | 间接依赖 | npm |
| uniqs | 2.0.0 | 间接依赖 | npm |
| chalk | 2.4.1 | 间接依赖 | npm |
| normalize-url | 3.3.0 | 间接依赖 | npm |
| postcss-normalize-timing-functions | 4.0.2 | 间接依赖 | npm |
| xtend | 4.0.2 | 间接依赖 | npm |
| tsutils | 2.29.0 | 间接依赖 | npm |
| is-svg | 3.0.0 | 间接依赖 | npm |
| which-module | 2.0.0 | 间接依赖 | npm |
| resolve-url | 0.2.1 | 直接依赖 | npm |
| pkginfo | 0.4.1 | 间接依赖 | npm |
| ng-packagr | 10.1.2 | 直接依赖 | npm |
| glob-parent | 5.1.1 | 间接依赖 | npm |
| brace-expansion | 1.1.11 | 间接依赖 | npm |
| postcss-reduce-transforms | 4.0.2 | 间接依赖 | npm |
| deepmerge | 4.2.2 | 间接依赖 | npm |
| dot-prop | 5.3.0 | 直接依赖 | npm |
| cssnano-preset-default | 4.0.7 | 间接依赖 | npm |
| @nativescript/types | 7.0.1 | 直接依赖 | npm |
| core-util-is | 1.0.2 | 间接依赖 | npm |
| is-binary-path | 2.1.0 | 间接依赖 | npm |
| punycode | 2.1.1 | 间接依赖 | npm |
| vendors | 1.0.4 | 间接依赖 | npm |
| json-parse-even-better-errors | 2.3.1 | 间接依赖 | npm |
| @types/q | 1.5.4 | 间接依赖 | npm |
| postcss-discard-duplicates | 4.0.2 | 间接依赖 | npm |
| postcss-convert-values | 4.0.1 | 间接依赖 | npm |
| css-tree | 1.0.0-alpha.39 | 间接依赖 | npm |
| @babel/helper-validator-identifier | 7.10.4 | 间接依赖 | npm |
| q | 1.5.1 | 间接依赖 | npm |
| @rollup/plugin-node-resolve | 9.0.0 | 间接依赖 | npm |
| @babel/highlight | 7.10.4 | 间接依赖 | npm |
| js-yaml | 3.14.0 | 间接依赖 | npm |
| @angular/core | 10.0.12 | 直接依赖 | npm |
| html-comment-regex | 1.1.2 | 间接依赖 | npm |
| mime | 1.6.0 | 间接依赖 | npm |
| @types/resolve | 1.17.1 | 间接依赖 | npm |
| ajv | 6.12.5 | 间接依赖 | npm |
| colorette | 1.2.1 | 间接依赖 | npm |
| lines-and-columns | 1.1.6 | 间接依赖 | npm |
| source-map-url | 0.4.0 | 直接依赖 | npm |
| picomatch | 2.2.2 | 间接依赖 | npm |
| yargs-parser | 18.1.3 | 间接依赖 | npm |
| postcss-minify-params | 4.0.2 | 间接依赖 | npm |
| source-map | 0.6.1 | 间接依赖 | npm |
| alphanum-sort | 1.0.2 | 间接依赖 | npm |
| color-string | 1.5.3 | 间接依赖 | npm |
| postcss-normalize-string | 4.0.2 | 间接依赖 | npm |
| autoprefixer | 9.8.6 | 间接依赖 | npm |
| postcss-value-parser | 3.3.1 | 间接依赖 | npm |
| postcss-minify-font-values | 4.0.2 | 间接依赖 | npm |
| cliui | 6.0.0 | 间接依赖 | npm |
| css-unit-converter | 1.1.2 | 间接依赖 | npm |
| stack-trace | 0.0.10 | 间接依赖 | npm |
| postcss-discard-comments | 4.0.2 | 间接依赖 | npm |
| camelcase | 5.3.1 | 间接依赖 | npm |
| csso | 4.0.3 | 间接依赖 | npm |
| is-module | 1.0.0 | 间接依赖 | npm |
| safe-buffer | 5.1.2 | 间接依赖 | npm |
| read | 1.0.7 | 间接依赖 | npm |
| postcss-calc | 7.0.4 | 间接依赖 | npm |
| mkdirp | 0.5.1 | 间接依赖 | npm |
| utile | 0.3.0 | 间接依赖 | npm |
| buffer-from | 1.1.1 | 间接依赖 | npm |
| sprintf-js | 1.0.3 | 间接依赖 | npm |
| prompt | 1.0.0 | 直接依赖 | npm |
| sax | 1.2.4 | 间接依赖 | npm |
| eyes | 0.1.8 | 间接依赖 | npm |
| commander | 2.20.3 | 间接依赖 | npm |
| is-fullwidth-code-point | 3.0.0 | 间接依赖 | npm |
| postcss-normalize-display-values | 4.0.2 | 间接依赖 | npm |
| browserslist | 4.14.5 | 间接依赖 | npm |
| binary-extensions | 2.1.0 | 间接依赖 | npm |
| object.getownpropertydescriptors | 2.1.0 | 间接依赖 | npm |
| pify | 4.0.1 | 间接依赖 | npm |
| read-pkg | 5.2.0 | 间接依赖 | npm |
| minimatch | 3.0.4 | 间接依赖 | npm |
| deep-equal | 0.2.2 | 间接依赖 | npm |
| is-negative-zero | 2.0.0 | 直接依赖 | npm |
| css-color-names | 0.0.4 | 间接依赖 | npm |
| is-extglob | 2.1.1 | 间接依赖 | npm |
| isstream | 0.1.2 | 间接依赖 | npm |
| rollup-plugin-sourcemaps | 0.6.2 | 间接依赖 | npm |
| postcss-minify-gradients | 4.0.2 | 间接依赖 | npm |
| hsl-regex | 1.0.0 | 间接依赖 | npm |
| @nativescript/types-android | 7.0.2 | 间接依赖 | npm |
| is-absolute-url | 2.1.0 | 间接依赖 | npm |
| postcss-url | 8.0.0 | 间接依赖 | npm |
| rollup | 2.28.2 | 间接依赖 | npm |
| balanced-match | 1.0.0 | 间接依赖 | npm |
| postcss-colormin | 4.0.3 | 间接依赖 | npm |
| @rollup/pluginutils | 3.1.0 | 间接依赖 | npm |
| copyfiles | 2.3.0 | 直接依赖 | npm |
| escape-string-regexp | 1.0.5 | 间接依赖 | npm |
| is-color-stop | 1.1.0 | 间接依赖 | npm |
| @rollup/plugin-commonjs | 15.1.0 | 间接依赖 | npm |
| postcss-reduce-initial | 4.0.3 | 间接依赖 | npm |
| @nativescript/core | 7.0.0 | 直接依赖 | npm |
| cssnano-util-get-match | 4.0.0 | 间接依赖 | npm |
| typescript | 3.9.7 | 直接依赖 | npm |
| esprima | 4.0.0 | 间接依赖 | npm |
| minimist | 0.0.8 | 间接依赖 | npm |
| postcss-unique-selectors | 4.0.1 | 间接依赖 | npm |
| postcss-discard-empty | 4.0.1 | 间接依赖 | npm |
| lodash.memoize | 4.1.2 | 间接依赖 | npm |
| domutils | 1.7.0 | 间接依赖 | npm |
| @types/estree | 0.0.39 | 间接依赖 | npm |
| reflect-metadata | 0.1.13 | 间接依赖 | npm |
| num2fraction | 1.2.2 | 间接依赖 | npm |
| is-number | 7.0.0 | 间接依赖 | npm |
| fs-extra | 4.0.2 | 间接依赖 | npm |
| make-dir | 2.1.0 | 间接依赖 | npm |
| object.values | 1.1.1 | 间接依赖 | npm |
| @nativescript/hook | 2.0.0 | 间接依赖 | npm |
| @nativescript/angular | 10.0.2 | 直接依赖 | npm |
| postcss-normalize-charset | 4.0.1 | 间接依赖 | npm |
| find-up | 4.1.0 | 间接依赖 | npm |
| rgb-regex | 1.0.1 | 间接依赖 | npm |
| image-size | 0.5.5 | 间接依赖 | npm |
| yargs | 15.3.0 | 间接依赖 | npm |
| json-schema-traverse | 0.4.1 | 间接依赖 | npm |
| lodash.uniq | 4.5.0 | 间接依赖 | npm |
| at-least-node | 1.0.0 | 直接依赖 | npm |
| unquote | 1.1.1 | 间接依赖 | npm |
| injection-js | 2.3.1 | 间接依赖 | npm |
| postcss-selector-parser | 6.0.4 | 间接依赖 | npm |
| nth-check | 1.0.2 | 间接依赖 | npm |
| mdn-data | 2.0.6 | 间接依赖 | npm |
| @angular/compiler | 10.0.12 | 直接依赖 | npm |
| safer-buffer | 2.1.2 | 间接依赖 | npm |
| fast-deep-equal | 3.1.3 | 间接依赖 | npm |
| cycle | 1.0.3 | 间接依赖 | npm |
| wrappy | 1.0.2 | 间接依赖 | npm |
| semver | 5.5.0 | 间接依赖 | npm |
| rxjs | 6.2.2 | 间接依赖 | npm |
| @types/color-name | 1.1.1 | 直接依赖 | npm |
| fsevents | 2.1.3 | 间接依赖 | npm |
| get-caller-file | 2.0.5 | 间接依赖 | npm |
| anymatch | 3.1.1 | 间接依赖 | npm |
| normalize-range | 0.1.2 | 间接依赖 | npm |
| ncp | 1.0.1 | 间接依赖 | npm |
| noms | 0.0.0 | 间接依赖 | npm |
| postcss-normalize-unicode | 4.0.1 | 间接依赖 | npm |
| rgba-regex | 1.0.0 | 间接依赖 | npm |
| ms | 2.0.0 | 间接依赖 | npm |
| normalize-package-data | 2.5.0 | 间接依赖 | npm |
| cssnano-util-same-parent | 4.0.1 | 间接依赖 | npm |
| debug | 3.1.0 | 间接依赖 | npm |
| timsort | 0.3.0 | 间接依赖 | npm |
| svgo | 1.3.2 | 间接依赖 | npm |
| @angular/platform-browser | 10.0.12 | 直接依赖 | npm |
| @nativescript/types-ios | 7.0.1 | 间接依赖 | npm |
| hex-color-regex | 1.1.0 | 间接依赖 | npm |
| node-releases | 1.1.61 | 间接依赖 | npm |
| simple-swizzle | 0.2.2 | 间接依赖 | npm |
| postcss-minify-selectors | 4.0.2 | 间接依赖 | npm |
| stylehacks | 4.0.3 | 间接依赖 | npm |
| spdx-expression-parse | 3.0.1 | 间接依赖 | npm |
| glob | 7.1.2 | 间接依赖 | npm |
| cssnano-util-get-arguments | 4.0.0 | 间接依赖 | npm |
| once | 1.4.0 | 间接依赖 | npm |
| builtin-modules | 1.1.1 | 间接依赖 | npm |
| argparse | 1.0.10 | 间接依赖 | npm |
| jsonfile | 4.0.0 | 间接依赖 | npm |
| postcss-normalize-whitespace | 4.0.2 | 间接依赖 | npm |
| escalade | 3.1.0 | 间接依赖 | npm |
| reduce-css-calc | 2.1.7 | 间接依赖 | npm |
| convert-source-map | 1.7.0 | 间接依赖 | npm |
| error-ex | 1.3.2 | 间接依赖 | npm |
| dependency-graph | 0.7.2 | 间接依赖 | npm |
| uri-js | 4.4.0 | 间接依赖 | npm |
| postcss-merge-rules | 4.0.3 | 间接依赖 | npm |