Open peterbe opened 12 months ago
👋 I'm new to this project and don't know much about the community behind it. But I'm concerned about security vulnerability reports coming from deep dependencies. In particular semver-regex.
This is how it gets used:
```
❯ npm ls semver-regex
...
└─┬ imagemin-gifsicle@7.0.0
  └─┬ gifsicle@5.3.0
    └─┬ bin-wrapper@4.1.0
      └─┬ bin-version-check@4.0.0
        └─┬ bin-version@3.1.0
          └─┬ find-versions@3.2.0
            └── semver-regex@2.0.0
```
Poking around, it seems the buck stops with bin-wrapper. Last commit on that repo was November 2018.
Can we omit/replace bin-wrapper and use something more maintained?
Perhaps https://www.npmjs.com/package/@mole-inc/bin-wrapper
This is a fork of kevva/bin-wrapper.
...it says :)
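Added example, not part of the original issue or the project's code: a small Node.js helper that walks a tree in the shape of `npm ls --all --json` output, lists every path to a flagged package, and reports the topmost package shared by all paths. The sample tree is constructed; the first chain uses the names and versions shown above, while `example-root` and `example-plugin` are placeholders.

```javascript
// Constructed sample in the shape of `npm ls --all --json` output.
// "example-root" and "example-plugin" are placeholders, not real packages.
const pkg = (version, dependencies = {}) => ({ version, dependencies });
const binWrapper = pkg("4.1.0", {
  "bin-version-check": pkg("4.0.0", {
    "bin-version": pkg("3.1.0", {
      "find-versions": pkg("3.2.0", { "semver-regex": pkg("2.0.0") }),
    }),
  }),
});
const SAMPLE_TREE = {
  name: "example-root",
  dependencies: {
    "imagemin-gifsicle": pkg("7.0.0", {
      gifsicle: pkg("5.3.0", { "bin-wrapper": binWrapper }),
    }),
    "example-plugin": pkg("0.0.0", { "bin-wrapper": binWrapper }),
  },
};

// Every path from the root to `target`, each as an array of "name@version".
function findPaths(node, target, trail = [], out = []) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${name}@${dep.version}`];
    if (name === target) out.push(here);
    else findPaths(dep, target, here, out);
  }
  return out;
}

// Packages that sit on every path, in top-down order. The first entry is the
// highest point where a single replacement or override affects all paths.
function sharedAncestors(paths) {
  if (paths.length === 0) return [];
  return paths[0].slice(0, -1).filter((p) => paths.every((q) => q.includes(p)));
}

// Real use: JSON.parse the output of `npm ls --all --json` instead of SAMPLE_TREE.
const samplePaths = findPaths(SAMPLE_TREE, "semver-regex");
for (const p of samplePaths) console.log(p.join(" > "));
console.log("topmost shared package:", sharedAncestors(samplePaths)[0]);
```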