We use the check-engine script to enforce the versions defined in the package.jsons engines field. Unfortunately, instead of installing check-engine in our devDependencies we instead were installing check-engines (note the plural) errorneously. Because we're running check-engine before the dependencies are actually installed – the first time at least – we override npm 7's prompt to confirm installing a new package and so this typo was missed. check-engines was never actually run, nor does it look like a security threat, so we don't need to do anything else, we just want to make sure we are using the correct major version of check-engine to avoid breaking changes in the future.
We use the
check-enginescript to enforce the versions defined in thepackage.jsonsenginesfield. Unfortunately, instead of installingcheck-enginein ourdevDependencieswe instead were installingcheck-engines(note the plural) errorneously. Because we're runningcheck-enginebefore the dependencies are actually installed – the first time at least – we override npm 7's prompt to confirm installing a new package and so this typo was missed.check-engineswas never actually run, nor does it look like a security threat, so we don't need to do anything else, we just want to make sure we are using the correct major version ofcheck-engineto avoid breaking changes in the future.