jednano / eclint

Validate or fix code that doesn't adhere to EditorConfig settings or infer settings from existing code.
MIT License

eclint has reported vulnerabilities #139

Closed ljharb closed 6 years ago

ljharb commented 6 years ago

npm audit reports tons of vulnerabilities via gulp-reporter (why is anything gulp-related a runtime dep?).

Can gulp-reporter (and all the gulp deps) be moved from deps to devDeps, since you only use it in tests?

gucong3000 commented 6 years ago

npm audit reports tons of vulnerabilities via gulp-reporter

Which version of eclint are you using? I remember the problem was fixed.

why is anything gulp-related a runtime dep?

eclint is a gulp plugin, but without the name prefix gulp-.

Can gulp-reporter (and all the gulp deps) be moved from deps to devDeps,

It is used by the CLI to show the report in the console.

ljharb commented 6 years ago

I'm using v2.7.0, and the issues are still reported by npm audit.

Gulp seems like a very heavyweight dependency just to output stuff to the console :-/

gucong3000 commented 6 years ago

I'm using v2.7.0, and the issues are still reported by npm audit.

Can you post the report here?

gucong3000 commented 6 years ago

Gulp seems like a very heavyweight dependency

No, we just use vinyl-fs & vinyl.

ljharb commented 6 years ago

Hmm - I removed node_modules and then reinstalled and made a package-lock, and still saw the errors - but now when I try, the issues are indeed fixed. My apologies for the false positive!