Open bytestream opened 4 years ago
Safest option is to probably ditch optimist and use minimist@0.2.1 directly
Comparison of current minimist version against suggested
https://github.com/substack/minimist/compare/0.0.10...0.2.1
I was looking into submitting a PR that replaced optimist with minimist. Would you, the owner, prefer yargs? Do you have a preference?
It does seem like minimist doesn't have all the same stuff. The first thing I see that's missing is the usage and describe methods. Those could certainly be handled but maybe yargs would be closer out of the box.
Another solution would be to move out the CLI (which most people don't use), see https://github.com/brianreavis/sifter.js/issues/58
For anyone who's given up the will to live with npm audit notifications which most over-stretched open source library maintainers would argue only affect node applications and not web applications, I would suggest integrating https://github.com/naugtur/npm-audit-resolver#readme
Just be careful you don't accidentally turn a blind eye to a real vulnerability...
https://github.com/advisories/GHSA-xvch-5gv4-984h the vulnerability is now a Critical.
For anyone looking at alternatives to Sifter, here are a few I've found:
https://github.com/substack/node-optimist is deprecated. The author seems to have no intention of maintaining the package.
I think optimist should be replaced with yargs which has all the same functionality - https://github.com/yargs/yargs/blob/master/docs/examples.md#even-more-shiver-me-timbers
Alternatively, optimist should be forked and minimist version bumped to 0.2.1.
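
A check for the outcome the thread is after, as an added example that is not part of the thread or of Sifter's code: it walks the `packages` map of an npm lockfile (lockfileVersion 2 or 3 layout) and lists every installed copy of minimist older than the 0.2.1 suggested above, with the package it is nested under. The lockfile content is constructed; only the minimist versions 0.0.10 and 0.2.1 come from the thread, and the function names are hypothetical.

```javascript
// Added example. The lockfile below is constructed; only the minimist versions
// 0.0.10 and 0.2.1 come from the thread. Other versions are placeholders.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "example-app", version: "0.0.0-constructed" },
    "node_modules/sifter": { version: "0.0.0-constructed" },
    "node_modules/optimist": { version: "0.0.0-constructed" },
    "node_modules/optimist/node_modules/minimist": { version: "0.0.10" },
    "node_modules/minimist": { version: "0.2.1" },
  },
};

// Numeric major.minor.patch only; prerelease and build tags are ignored.
function parseVersion(v) {
  const core = String(v).split(/[-+]/)[0].split(".");
  return [0, 1, 2].map((i) => parseInt(core[i], 10) || 0);
}

function isBelow(version, minimum) {
  const a = parseVersion(version);
  const b = parseVersion(minimum);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false; // equal versions are acceptable
}

// Returns every installed copy of `name` older than `minimum`, with the package
// whose node_modules directory it sits in (null when hoisted to the top level).
function findOldCopies(lock, name, minimum) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // "node_modules/a/node_modules/@s/b" -> ["a", "@s/b"]
    const chain = path.split("node_modules/").filter(Boolean)
      .map((p) => p.replace(/\/$/, ""));
    if (chain.length === 0 || chain[chain.length - 1] !== name) continue;
    if (!meta.version || !isBelow(meta.version, minimum)) continue;
    hits.push({ path, version: meta.version, nestedUnder: chain[chain.length - 2] || null });
  }
  return hits;
}

// Real use: pass JSON.parse(fs.readFileSync("package-lock.json", "utf8")) instead.
for (const hit of findOldCopies(sampleLock, "minimist", "0.2.1")) {
  console.log(`${hit.path} -> ${hit.version} (nested under ${hit.nestedUnder})`);
}
```

A nested hit shows which dependency still pins the old copy, which is the package that has to be replaced or forked before the audit finding clears.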