The @mozaic-ds/css-dev-tools provoke some vulnerabilities due to some outdated packages.
It seems the main problem is @postcss-base-64 which was not updated in 6 year and require some really old version of @postcss, @ansi-regex, @yaml ...
I don't know if there is an alternative to this package, but there is no more development on it and will carry some problems over time.
GitHub repository
No response
Mock-up(s)
No response
What happened?
No response
What is expected?
npm audit should be as clean as possible
To Reproduce
npm audit report on a repository with a @mozaic-ds/css-dev-tools dependencies
I am opening an issue for
Tools (PostCSS, Stylelint, ...)
Package version
@mozaic-ds/css-dev-tools @1.60.0
Description
The @mozaic-ds/css-dev-tools provoke some vulnerabilities due to some outdated packages. It seems the main problem is @postcss-base-64 which was not updated in 6 year and require some really old version of @postcss, @ansi-regex, @yaml ...
I don't know if there is an alternative to this package, but there is no more development on it and will carry some problems over time.
GitHub repository
No response
Mock-up(s)
No response
What happened?
No response
What is expected?
npm audit should be as clean as possible
To Reproduce
npm audit reporton a repository with a @mozaic-ds/css-dev-tools dependenciesCode example
No response
Is this a regression?
Additional comments
No response