bin-wrapper icon indicating copy to clipboard operation
bin-wrapper copied to clipboard

Published 20 hours ago verified publisher icon kevva

This package needs a new maintainer - or an archive-flag

Open infabo opened this issue 4 years ago • 11 comments

This project is stale. No PRs merged since 2018, no commits since 2018. No communication on any issues by the repository-owner. I guess this project should be handed over to a new maintainer or at least should be marked "archived".

infabo avatar Oct 30 '20 10:10 infabo

@kevva ?

rogeriorc avatar Jan 04 '22 19:01 rogeriorc

@sindresorhus @1000ch: is there any chance we could update this package?

Most imagemin bin packages are using it and there are plenty of improvements we could make. I can make a few PRs later to help out.

XhmikosR avatar Jan 12 '22 09:01 XhmikosR

I would like to take over the maintainer of this package if I have a chance/permission.

1000ch avatar Jan 12 '22 10:01 1000ch

I made https://github.com/kevva/bin-wrapper/compare/master...XhmikosR:dev and seems to work good. I could use more eyes, but happy to open a PR.

XhmikosR avatar Jan 12 '22 15:01 XhmikosR

@1000ch I think the only solution would be if someone forked and published new scoped packages. I don't have the time to maintain these packages, but I've made PRs updating a lot of things:

  • https://github.com/kevva/decompress/pull/95
  • https://github.com/kevva/download/pull/220
  • https://github.com/kevva/bin-wrapper/pull/80

Feel free to cherry pick the patches and publish new packages if you are up to it :)

Just drop a message here and the other repos so that people see it and switch.

XhmikosR avatar Jan 13 '22 09:01 XhmikosR

@kevva can we get some of this moved along somehow? These pending updates are keeping downstream packages vulnerable which is quite disappointing.

kingthorin avatar Mar 02 '22 14:03 kingthorin

How do we move forward from this in case @kevva is no longer available? Hi @sindresorhus, any chance we can have this updated to the latest dependencies? Thank you!

genediazjr avatar Jun 05 '22 07:06 genediazjr

There is the fork https://www.npmjs.com/package/@mole-inc/bin-wrapper , but I don't know how well it is maintained.

apepper avatar Nov 14 '22 09:11 apepper

Same here. This fork seems to be actively maintained.

brodo avatar Jan 31 '23 12:01 brodo

The problem is dependency chains and getting other package maintainers to adapt.

kingthorin avatar Jan 31 '23 13:01 kingthorin

I just published @xhmikosr/bin-wrapper.

It doesn't help with other packages using the package out there, but at least if everything works well, the security vulnerabilities should be gone.

Note that I don't have the bandwidth to make any improvements, but if someone spots any new bugs in my packages, feel free to make a PR.

XhmikosR avatar Mar 15 '23 07:03 XhmikosR