react-scripts-ts is vulnerable

microsoft / TypeScript-React-Starter

A starter template for TypeScript and React with a detailed README describing how to use the two together.

MIT License

11.09k stars 1.21k forks source link

react-scripts-ts is vulnerable #250

Closed JukoPowel closed 5 years ago

JukoPowel commented 5 years ago

react-scripts-ts newest version uses webpack-dev-server@3.1.9, which is vulnerable version. There is no public repository for react-scripts-ts, so I report it here, since You recommend to use this package.

TomasHubelbauer commented 5 years ago

This is the repository you are referring to: https://github.com/wmonk/create-react-app-typescript

It has been marked as obsolete and should not be used anymore. CRA 2 has TypeScript support and this guide should probably be updated to recommend using that.

JukoPowel commented 5 years ago

Thank You for quick response. I found useful migration guide: https://vincenttunru.com/migrate-create-react-app-typescript-to-create-react-app/

Issue may be closed.

gasparsigma commented 5 years ago

Hi Tomas, the README.md still refers to create-react-app my-app --scripts-version=react-scripts-ts which will installl react-scripts-ts which still has the vulnerability. It should be updated to create-react-app my-app --typescript like you said, but then the guide will not match with the files generated, it should still be addressed.