eslint-plugin-node

semver security warning

Open hildjj opened this issue 2 years ago • 3 comments

semver < 7.5.2 has a vulnerability due to a ReDoS. You're currently on 6.1.0.

Please take a look at #345 at the same time.

hildjj, Jun 24 '23 18:06

If upgrading to Semver 7 isn't possible, there is a V6 backfix available under a different package name: https://www.npmjs.com/package/@nicolo-ribaudo/semver-v6

Further discussion on backports can be found here: https://github.com/npm/node-semver/pull/564

SilPho, Jul 05 '23 11:07

For others following this, I'm switching to https://github.com/eslint-community/eslint-plugin-n#readme wherever I can.

hildjj, Jul 05 '23 15:07

Yeah, eslint-plugin-n is the maintained version of this module. We switched to it in e.g. eslint-config-standard / standard, and it is maintained by the official ESLint community organization.

voxpelli, Aug 13 '23 12:08