banner-cli

update dev dependencies

Open borracciaBlu opened this issue 6 years ago • 2 comments

borracciaBlu, Dec 17 '19 12:12

On npm audit:

found 9 vulnerabilities (2 low, 2 moderate, 4 high, 1 critical)

These apparently are related to marshmallow and inject-ga.

I see that these two packages are not strictly related to the package and are used only on deploy:

"deploy": "marshmallow -o docs -i artwork.psd -f -m && inject-ga docs/index.html -o docs/index.html -c 'UA-24389952-13' && boeing docs && rimraf docs",
	

If I may, I would suggest removing the two packages and using npx in deploy instead:

"deploy": "npx marshmallow -o docs -i artwork.psd -f -m && npx inject-ga docs/index.html -o docs/index.html -c 'UA-24389952-13' && npx boeing docs && rimraf docs",
	

borracciaBlu, Dec 17 '19 12:12

Here I got a working prototype: https://github.com/borracciaBlu/banner-cli/commit/aed3ea87956680a68d7de53f3898fc7308bfc29a

An additional benefit of npx: you don't have to keep updating these packages all the time, because npx is going to use the latest version.
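
A check a maintainer could run against the proposed `deploy` script, as an added example that is not part of the original issue or of the banner-cli project: it lists every `npx` call in the `package.json` scripts and reports whether the package is pinned to an exact version, since an unversioned `npx` call runs whichever version is resolved at deploy time. The function names and the `0.0.0` version are assumptions made for illustration.

```javascript
// Added example: flag npx calls in package.json scripts that lack an exact version.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Split "name@version", keeping a leading scope "@" (e.g. @scope/pkg@1.2.3).
function splitSpec(spec) {
  const at = spec.lastIndexOf('@');
  return at > 0
    ? { name: spec.slice(0, at), version: spec.slice(at + 1) }
    : { name: spec, version: null };
}

function findNpxCalls(pkg) {
  const findings = [];
  for (const [script, line] of Object.entries(pkg.scripts || {})) {
    // Commands in an npm script are chained with &&, ||, ; or |
    for (const cmd of line.split(/&&|\|\||;|\|/)) {
      const words = cmd.trim().split(/\s+/);
      if (words[0] !== 'npx') continue;
      // Simplification: the first non-flag word after npx is taken as the package spec.
      const spec = words.slice(1).find((w) => !w.startsWith('-'));
      if (!spec) continue;
      const { name, version } = splitSpec(spec);
      const pinned = version !== null && EXACT.test(version);
      findings.push({ script, name, version, pinned });
    }
  }
  return findings;
}

// The deploy script proposed in the issue.
const PROPOSED = {
  scripts: {
    deploy: "npx marshmallow -o docs -i artwork.psd -f -m && npx inject-ga docs/index.html -o docs/index.html -c 'UA-24389952-13' && npx boeing docs && rimraf docs",
  },
};

// Constructed variant: 0.0.0 is a placeholder, not a real release of these packages.
const PINNED = {
  scripts: {
    deploy: 'npx marshmallow@0.0.0 -o docs -i artwork.psd -f -m && npx boeing@latest docs',
  },
};

for (const f of [...findNpxCalls(PROPOSED), ...findNpxCalls(PINNED)]) {
  console.log(`${f.script}: ${f.name}@${f.version ?? 'unversioned'} ${f.pinned ? 'pinned' : 'NOT pinned'}`);
}
```

A dist-tag such as `@latest` is reported as not pinned, because it does not name one fixed release.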

borracciaBlu, Dec 18 '19 11:12