sendwithus / sendwithus_nodejs

Sendwithus NodeJS Client
https://www.sendwithus.com
Apache License 2.0
22 stars 17 forks

restler dependency is very outdated #49

Closed matthewmayer closed 3 years ago

matthewmayer commented 3 years ago

Client version

4.3.2

Expected behaviour

Installing sendwithus installs a minimal number of packages.

Actual behaviour

npm i sendwithus depends on restler, which hasn't been updated for 6 years, and depends on a large number of packages, many of which report security issues.

up to date, audited 314 packages in 8s

33 vulnerabilities (11 low, 13 moderate, 8 high, 1 critical)

To address all issues, run:
  npm audit fix

Suggest switching from restler to something like node-fetch.

Steps to reproduce

npm i sendwithus

dlsteuer commented 3 years ago

@matthewmayer thanks for bringing this to our attention, we'll slot this in an upcoming sprint to update.