mmiller42 / html-webpack-externals-plugin

Webpack plugin that works alongside html-webpack-plugin to use pre-packaged vendor bundles.
MIT License

NPM audit fails with moderate vulnerability #53

Closed on-delete closed 3 years ago

on-delete commented 4 years ago

Hey, npm audit currently shows a moderate vulnerability for your package html-webpack-externals-plugin, because of a vulnerability in the serialize-javascript package within the copy-webpack-plugin package. Maybe you should consider updating either the copy-webpack-plugin package or the serialize-javascript package to resolve this.

npm audit output:

Moderate        Cross-Site Scripting
Package         serialize-javascript
Patched in      >=2.1.1
Dependency of   html-webpack-externals-plugin
Path            html-webpack-externals-plugin > copy-webpack-plugin > serialize-javascript
More info       https://npmjs.com/advisories/1426

algra commented 4 years ago

The copy-webpack-plugin dependency should be updated to 5.1.0 or later; this is the version in which the serialize-javascript dependency was updated from 2.1.0 to 2.1.2.

@mmiller42 would you, please, check it?
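The check discussed in the comments above, as an added example that is not part of the original thread or the plugin's code: it walks a dependency tree shaped like `npm ls --json` output and reports every serialize-javascript copy older than the patched 2.1.1, with the chain that pulls it in. The names `compareVersions`, `findVulnerable`, `SAMPLE_TREE` and `my-app` are hypothetical, and the sample tree is constructed.

```javascript
// Patched release per the audit output quoted in the issue ("Patched in >=2.1.1").
const PATCHED = "2.1.1";

// Compare plain x.y.z versions numerically (prerelease tags are ignored).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk an `npm ls --json`-shaped tree and collect every instance of `name`
// older than `patched`, together with the dependency chain leading to it.
function findVulnerable(node, name, patched, path = [node.name]) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const chain = [...path, dep];
    if (dep === name && info.version && compareVersions(info.version, patched) < 0) {
      hits.push({ version: info.version, path: chain.join(" > ") });
    }
    hits.push(...findVulnerable(info, name, patched, chain));
  }
  return hits;
}

// Constructed sample (assumption). "0.0.0" is a placeholder version; only the
// serialize-javascript versions and copy-webpack-plugin 5.1.0 come from the thread.
const SAMPLE_TREE = {
  name: "my-app",
  dependencies: {
    "html-webpack-externals-plugin": {
      version: "0.0.0",
      dependencies: {
        "copy-webpack-plugin": {
          version: "0.0.0",
          dependencies: { "serialize-javascript": { version: "2.1.0" } },
        },
      },
    },
    "copy-webpack-plugin": {
      version: "5.1.0",
      dependencies: { "serialize-javascript": { version: "2.1.2" } },
    },
  },
};
console.log(findVulnerable(SAMPLE_TREE, "serialize-javascript", PATCHED));
```

A top-level copy-webpack-plugin at 5.1.0 does not clear the finding while the plugin still resolves its own older copy, which is why the walk reports the full path rather than just the package name.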

lazarmitic commented 3 years ago

Any updates on this?

mmiller42 commented 3 years ago

See the note in the readme: https://github.com/mmiller42/html-webpack-externals-plugin#-deprecated-

This module has not been maintained for years. It doesn't work with newer major versions of webpack beyond 3 or 4 and I expect it might not even work in modern Node.js runtime environments. I strongly recommend you find a better-maintained alternative. I listed two really great solutions which are actually created by jharris4, the same brilliant author of the copy-webpack-plugin that I used for this plugin!