cli-table / cli-table3

Pretty unicode tables for the command line
MIT License

optional dependency colors apparently corrupted by maintainer #255

Closed arborrow closed 2 years ago

arborrow commented 2 years ago

I have reported this upstream in laravel-mix but also wanted to report it here. Given that colors is an optional dependency, it may be best to simply remove it from this project. I read that the colors and faker npm projects were both corrupted:

see https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

At the very least I would say ensure that this package specifies version 1.4.0 to prevent folks from downloading the corrupted version.

arborrow commented 2 years ago

Looks like this has already been addressed with the following commit that pins colors to 1.4.0: https://github.com/cli-table/cli-table3/commit/9079383556b853f814c7c016a9a2b76aeedefa9c

I will go ahead and close this issue.
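
An added example (not code from the cli-table3 project or from this thread): one way to check that a manifest pins `colors` to exactly 1.4.0, as the issue asks, and that a lockfile resolved no other version. The sample manifest and lockfile, the package name `example-table` and the version `9.9.9` are constructed for illustration; the `packages` map is assumed to follow the npm lockfile v2/v3 layout.

```javascript
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];

// True only for one exact version such as "1.4.0" (a leading "=" or "v" is tolerated).
// Ranges like "^1.4.0", "~1.4.0", "1.x" or "*" let npm pick a newer release.
function isExactPin(spec) {
  return /^=?v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(String(spec).trim());
}

// Report every declaration of `name` in a package.json object that is not pinned to `expected`.
function auditManifest(manifest, name, expected) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    const spec = manifest[field] && manifest[field][name];
    if (spec === undefined) continue;
    const normalized = String(spec).trim().replace(/^=?v?/, "");
    if (!isExactPin(spec)) {
      findings.push({ where: field, spec, problem: "range, not an exact pin" });
    } else if (normalized !== expected) {
      findings.push({ where: field, spec, problem: "pinned to an unexpected version" });
    }
  }
  return findings;
}

// Report every installed copy of `name` (top-level or nested under another package)
// whose resolved version in the lockfile differs from `expected`.
function auditLockfile(lock, name, expected) {
  const suffix = "node_modules/" + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .filter(([, meta]) => meta.version !== expected)
    .map(([path, meta]) => ({ where: path, version: meta.version }));
}

// Constructed sample input (not taken from any real project).
const sampleManifest = { optionalDependencies: { colors: "^1.4.0" } };
const sampleLock = {
  packages: {
    "node_modules/colors": { version: "1.4.0" },
    "node_modules/example-table/node_modules/colors": { version: "9.9.9" },
  },
};

console.log(auditManifest(sampleManifest, "colors", "1.4.0"));
console.log(auditLockfile(sampleLock, "colors", "1.4.0"));
```

Checking the lockfile as well as the manifest matters because a nested copy pulled in by another dependency is not covered by the top-level pin.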