We use the check-engine script to enforce the versions defined in the package.jsons engines field. Unfortunately, instead of installing check-engine in our devDependencies we instead were installing check-engines (note the plural) errorneously. Because we're running check-engine before the dependencies are actually installed – the first time at least – we override npm 7's prompt to confirm installing a new package and so this typo was missed. check-engines was never actually run, nor does it look like a security threat, so we don't need to do anything else, we just want to make sure we are using the correct major version of check-engine to avoid breaking changes in the future.
We use the
check-engine
script to enforce the versions defined in thepackage.json
sengines
field. Unfortunately, instead of installingcheck-engine
in ourdevDependencies
we instead were installingcheck-engines
(note the plural) errorneously. Because we're runningcheck-engine
before the dependencies are actually installed – the first time at least – we override npm 7's prompt to confirm installing a new package and so this typo was missed.check-engines
was never actually run, nor does it look like a security threat, so we don't need to do anything else, we just want to make sure we are using the correct major version ofcheck-engine
to avoid breaking changes in the future.