Closed mcmxcdev closed 3 months ago
I'd take that warning with a grain of salt. Just because a package hasn't been updated in a while, is that really a problem?
I've been writing code for Node.js for more than a decade now, and the child_process API has been quite stable for a while.
It's probably why spawn-command didn't need to update either.
See also: https://fagnerbrack.com/how-the-fuck-did-we-get-here-b9bac6ba7a0f
On another note, we briefly played with using a different package to spawn commands between v3.0.0 and v3.2.0. It was causing a couple of issues, so if we're to use a different package at all -- I'd like it to address #69. cc @paescuj
An old package itself is not a problem as long as it doesn't pull in any dependencies itself which become outdated, contain CVEs etc. Doesn't seem to be an issue with spawn-command from a quick look into our lockfile.
I simply opened this issue to raise awareness about it. If it is looked at and the conclusion is that everything is fine, even better :)
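The lockfile check mentioned in the comment above, sketched as an added example that is not part of the thread or of the concurrently project: it walks an npm lockfile and lists everything a given package pulls in transitively. It assumes the `packages` map of npm lockfile version 2 or 3; the sample lockfile is constructed, and every package name in it other than spawn-command is hypothetical.

```javascript
// Constructed sample in npm lockfile v3 shape ("packages" keyed by install path).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "spawn-command": "*", "example-cli": "*" } },
    "node_modules/spawn-command": { version: "0.0.0-sample" }, // version is a placeholder
    "node_modules/example-cli": {
      version: "1.0.0",
      dependencies: { "example-util": "^1.0.0", "example-color": "^2.0.0" },
    },
    "node_modules/example-util": { version: "1.2.0", dependencies: { "example-color": "^1.0.0" } },
    "node_modules/example-color": { version: "2.0.0" },
    "node_modules/example-util/node_modules/example-color": { version: "1.9.0" },
  },
};

// Resolve dependency `name` as seen from install path `from`, the way Node does:
// try from/node_modules/name, then each ancestor's node_modules, up to the root.
function resolveDep(packages, from, name) {
  let dir = from;
  while (true) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!dir) return null; // reached the root without a match
    const cut = dir.lastIndexOf("/node_modules/");
    dir = cut === -1 ? "" : dir.slice(0, cut);
  }
}

// List every package that `pkgName` brings in, directly or transitively.
// Follows dependencies and optionalDependencies; peer dependencies are not followed.
function transitiveDeps(lock, pkgName) {
  const packages = lock.packages || {};
  const start = resolveDep(packages, "", pkgName);
  if (!start) throw new Error(pkgName + " not found in lockfile");
  const seen = new Set([start]); // also guards against dependency cycles
  const queue = [start];
  while (queue.length) {
    const path = queue.shift();
    const entry = packages[path];
    const deps = { ...entry.dependencies, ...entry.optionalDependencies };
    for (const name of Object.keys(deps)) {
      const resolved = resolveDep(packages, path, name);
      if (resolved && !seen.has(resolved)) { seen.add(resolved); queue.push(resolved); }
    }
  }
  return [...seen].filter((p) => p !== start).sort().map((p) => `${p}@${packages[p].version}`);
}
```

An empty result for a package means it adds no further packages to the tree; each entry in a non-empty result is an install path and version that can be handed to an advisory lookup.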
Hi folks, this is now done in v9.0.0. https://github.com/open-cli-tools/concurrently/releases/tag/v9.0.0
We recently started using https://socket.dev/ as part of our dependencies maintenance and it flagged spawn-command as problematic due to it being unmaintained: https://socket.dev/npm/package/spawn-command

The last release was 8 years ago, so there are probably other solutions out there, or it can even be written with native Node.js nowadays.