brianreavis / sifter.js

A library for textually searching arrays and hashes of objects by property (or multiple properties). Designed specifically for autocomplete.

minimist Prototype Pollution vulnerability #62

Open bytestream opened 4 years ago

bytestream commented 4 years ago
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.2.1 <1.0.0 || >=1.2.3                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ selectize                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ selectize > sifter > optimist > minimist                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1179                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

https://github.com/substack/node-optimist is deprecated. The author seems to have no intention of maintaining the package.

I think optimist should be replaced with yargs which has all the same functionality - https://github.com/yargs/yargs/blob/master/docs/examples.md#even-more-shiver-me-timbers

Alternatively, optimist should be forked and minimist version bumped to 0.2.1.
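To make the advisory table above concrete, here is an added example (written for this page, not sifter's, npm's or minimist's own code) that walks an `npm ls --json`-shaped dependency tree, finds every path that reaches `minimist`, and reports whether the resolved version falls inside the advisory's patched range `>=0.2.1 <1.0.0 || >=1.2.3`. The tree and all versions other than minimist `0.0.10` are constructed for the example; the version comparator is a deliberately minimal one that ignores prerelease tags.

```javascript
// Added example: audit a dependency tree for unpatched minimist.
// The tree below is constructed sample input shaped like `npm ls --json`;
// the intermediate package versions are placeholders, not real data.
const CONSTRUCTED_TREE = {
  name: 'my-app',
  dependencies: {
    selectize: {
      version: '0.0.0-example',
      dependencies: {
        sifter: {
          version: '0.0.0-example',
          dependencies: {
            optimist: {
              version: '0.0.0-example',
              // the version the issue compares against 0.2.1
              dependencies: { minimist: { version: '0.0.10' } },
            },
          },
        },
      },
    },
    'some-cli': {
      version: '0.0.0-example',
      dependencies: { minimist: { version: '1.2.5' } },
    },
  },
};

// Minimal semver core parser: "MAJOR.MINOR.PATCH", prerelease suffix dropped.
function parseVersion(v) {
  const [core] = v.split('-');
  return core.split('.').map(Number);
}

// Compare two versions on their numeric core; -1, 0 or 1.
function cmp(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Patched range from the advisory table: >=0.2.1 <1.0.0 || >=1.2.3
function isPatchedMinimist(version) {
  return (cmp(version, '0.2.1') >= 0 && cmp(version, '1.0.0') < 0)
    || cmp(version, '1.2.3') >= 0;
}

// Depth-first walk over `dependencies`, collecting every path that ends in
// `target` together with its resolved version and patch status.
function findPaths(tree, target, path = [], out = []) {
  const deps = tree.dependencies || {};
  for (const [name, node] of Object.entries(deps)) {
    const here = [...path, name];
    if (name === target) {
      out.push({
        path: here.join(' > '),
        version: node.version,
        patched: isPatchedMinimist(node.version),
      });
    }
    findPaths(node, target, here, out);
  }
  return out;
}

// Convenience: only the paths that still resolve to an unpatched version.
function unpatchedPaths(tree) {
  return findPaths(tree, 'minimist').filter((hit) => !hit.patched);
}

for (const hit of findPaths(CONSTRUCTED_TREE, 'minimist')) {
  console.log(`${hit.path} @ ${hit.version}: ${hit.patched ? 'patched' : 'UNPATCHED'}`);
}
```

Against a real project, feed the output of `npm ls minimist --json` into `findPaths` instead of the constructed tree; the nested `dependencies` objects are the part of that output the walker relies on.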

bytestream commented 4 years ago

Safest option is probably to ditch optimist and use minimist@0.2.1 directly

Comparison of current minimist version against suggested https://github.com/substack/minimist/compare/0.0.10...0.2.1
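For readers who want to see what the "Prototype Pollution" row in the advisory table actually means for an argv parser, here is an added example written for this page. It is not code from sifter, optimist or minimist: it is a minimal parser that resolves dotted option keys like `--a.b=c` into nested objects, run once with no key check and once refusing the `__proto__`, `constructor` and `prototype` path segments. The attacker argv is constructed, and the hardened check is only in the spirit of the upstream fix, not a copy of it.

```javascript
// Added example: the prototype-pollution pattern behind the minimist advisory,
// reproduced in a toy parser (constructed for this page, not minimist's code).
const UNSAFE_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

// Assign `value` at dotted `path` on `obj`, creating intermediate objects.
// `isSafe` vets every path segment; returns false if the argument was dropped.
function setPath(obj, path, value, isSafe) {
  const parts = path.split('.');
  if (!parts.every(isSafe)) return false; // hardened parser drops the whole arg
  let cur = obj;
  for (const part of parts.slice(0, -1)) {
    // With no check, part === '__proto__' makes `cur` Object.prototype here,
    // so the final assignment lands on every object in the process.
    if (typeof cur[part] !== 'object' || cur[part] === null) cur[part] = {};
    cur = cur[part];
  }
  cur[parts[parts.length - 1]] = value;
  return true;
}

// Tiny argv parser: `--key=value`, `--flag`, positionals under `_`.
function parseArgs(argv, isSafe) {
  const out = { _: [] };
  for (const arg of argv) {
    const m = /^--([^=]+)(?:=(.*))?$/.exec(arg);
    if (!m) { out._.push(arg); continue; }
    const [, key, value] = m;
    setPath(out, key, value === undefined ? true : value, isSafe);
  }
  return out;
}

// Vulnerable: every segment is accepted, including `__proto__`.
const parseVulnerable = (argv) => parseArgs(argv, () => true);

// Hardened: refuse segments that would walk onto the prototype chain.
const parseHardened = (argv) => parseArgs(argv, (seg) => !UNSAFE_SEGMENTS.has(seg));

// Parse an attacker-controlled argv with `parse`, then report what a fresh,
// unrelated object sees for `polluted`. Cleans Object.prototype up afterwards.
function pollutionProbe(parse) {
  const attackerArgv = ['--__proto__.polluted=yes', 'index.json']; // constructed
  try {
    parse(attackerArgv);
    return ({}).polluted; // 'yes' only if Object.prototype was written to
  } finally {
    delete Object.prototype.polluted;
  }
}

console.log('vulnerable parser pollutes Object.prototype:', pollutionProbe(parseVulnerable) === 'yes');
console.log('hardened parser pollutes Object.prototype:', pollutionProbe(parseHardened) === 'yes');
```

The probe checks a brand-new `{}` rather than the parser's return value because that is the real impact: once `Object.prototype` carries `polluted`, every object in the process, including ones in unrelated libraries, inherits it. The hardened variant drops the offending argument entirely instead of writing it somewhere else, so legitimate dotted keys such as `--a.b=c` still work.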

bunnymatic commented 4 years ago

I was looking into submitting a PR that replaced optimist with minimist. Would you, the owner, prefer yargs? Do you have a preference?

It does seem like minimist doesn't have all the same stuff. The first thing I see that's missing is the usage and describe methods. Those could certainly be handled but maybe yargs would be closer out of the box.

sandstrom commented 3 years ago

Another solution would be to move out the CLI (which most people don't use), see https://github.com/brianreavis/sifter.js/issues/58

bytestream commented 3 years ago

For anyone who's given up the will to live with npm audit notifications which most over-stretched open source library maintainers would argue only affect node applications and not web applications, I would suggest to integrate https://github.com/naugtur/npm-audit-resolver#readme

Just be careful you don't accidentally turn a blind eye to a real vulnerability...

acbramley commented 1 year ago

https://github.com/advisories/GHSA-xvch-5gv4-984h the vulnerability is now a Critical.

sandstrom commented 1 year ago

For anyone looking at alternatives to Sifter, here are a few I've found: