renke / import-sort

Sort ES2015 (aka ES6) imports. Both JavaScript and TypeScript are supported.
ISC License

Security vulnerability in import-sort-cli #115

Open jtart opened 4 years ago

jtart commented 4 years ago

There is a low level security vulnerability in the yargs library that is used in the import-sort-cli. Bumping to latest should fix the issue.

Screenshot from using npm audit

haysclark commented 4 years ago

Adding NPM advisory 1500 link.

taybin commented 4 years ago

This library hasn't been updated since 2019. Maybe it needs a fork to fix the security issues in its dependencies?