mysticatea / cpx

A cli tool to watch and copy file globs.
MIT License
524 stars, 36 forks

Fixed security issue and ci #49

Closed dorayakikun closed 4 years ago

dorayakikun commented 5 years ago

Fixed the issue below (and CI).

https://www.npmjs.com/advisories/786

codecov[bot] commented 5 years ago

Codecov Report

Merging #49 into master will increase coverage by 1.11%. The diff coverage is n/a.

@@            Coverage Diff             @@
##           master      #49      +/-   ##
==========================================
+ Coverage   83.93%   85.05%   +1.11%     
==========================================
  Files          17       17              
  Lines         610      562      -48     
==========================================
- Hits          512      478      -34     
+ Misses         98       84      -14

| Impacted Files | Coverage Δ |
|---|---|
| lib/utils/apply-action.js | 62.5% <0%> (-1.39%) ↓ |
| lib/utils/copy-file.js | 70.45% <0%> (-0.7%) ↓ |
| lib/utils/watcher.js | 84.37% <0%> (+2.06%) ↑ |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update 692b67b...d44d882.

danielfigueiredo commented 5 years ago

👍 to see this landing, thanks for the PR! There are currently two duplicated issues related to this:

https://github.com/mysticatea/cpx/issues/47
https://github.com/mysticatea/cpx/issues/48

dorayakikun commented 5 years ago

@mysticatea Could you review it?

antipalindrome commented 5 years ago

@mysticatea This would be great if we could get it. This is the only thing erroring on my audits!

marcospgp commented 5 years ago

@mysticatea Please have a look

TidyIQ commented 5 years ago

It seems like this project has been abandoned by @mysticatea

Perhaps you could fork this and create a new npm package?

bcomnes commented 5 years ago

I think declaring abandonment is a leap since it still works perfectly well. My guess is it’s a matter of notification vs abandonment.

Has anyone tried reaching out via other channels yet?

McSam27 commented 5 years ago

Any updates on this? Is there a maintained fork? Or is there any news from mystic?

bcomnes commented 5 years ago

I emailed @mysticatea a few days ago but haven't heard back.

bcomnes commented 5 years ago

I never heard back. No problem.

In the meantime, I forked to cpx2 here: https://github.com/bcomnes/cpx2/pull/1/files

It still has the cpx bin name, so it can be swapped out without any changes to code bases. I use it on lots of things, so I'll try to keep it up to date as needed with greenkeeper and such. I don't have any large refactoring or plans to change it at all. Perhaps one day we can upstream the maintenance work ✌️

jsomsanith-tlnd commented 4 years ago

Hi, this PR hasn't moved since August. Do you have any idea when this will be merged/released? Thank you for your time and work BTW :)

koresar commented 4 years ago

TL;DR: the solution is to remove unmaintained cpx and use identical but maintained cpx2.

Thanks @bcomnes

dorayakikun commented 4 years ago

I think it will be migrated to cpx2 in the future, so I will close it. Thanks to @bcomnes