ActiveFileInStatusBar
ActiveFileInStatusBar copied to clipboard
Published
20 hours ago •
RoscoP
RoscoP
Is this project still supported/maintained?
Dependencies are outdate and they have security vulnerabilities.
Take a look at this:
npm i
npm WARN deprecated [email protected]: This package is deprecated in favor of @types/vscode and vscode-test. For more information please read: https://code.visualstudio.com/updates/v1_36#_splitting-vscode-package-into-typesvscode-and-vscodetest
npm WARN deprecated [email protected]: Jade has been renamed to pug, please install the latest version of pug instead of jade
npm WARN deprecated [email protected]: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated [email protected]: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated [email protected]: to-iso-string has been deprecated, use @segment/to-iso-string instead.
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated [email protected]: this library is no longer supported
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN [email protected] No license field.
added 334 packages from 498 contributors and audited 334 packages in 9.955s
22 packages are looking for funding
run `npm fund` for details
found 7 vulnerabilities (3 low, 1 moderate, 2 high, 1 critical)
run `npm audit fix` to fix them, or `npm audit` for details
Some vulnerabilities are critical:
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical │ Command Injection │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ growl │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=1.10.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ vscode [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ vscode > mocha > growl │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/146 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Tmp files readable by other users │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ sync-exec │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ No patch available │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ copy-paste │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ copy-paste > sync-exec │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/310 │
└───────────────┴──────────────────────────────────────────────────────────────┘
Users of this package are in trouble. It would be great if you update the vulnerabilities and publish the update :) Thanks for the package :)
