node-markdown-spellcheck

Is this still being maintained?

Open amimas opened this issue 6 years ago • 9 comments

Just want to know if this is a stale project.

amimas avatar Feb 08 '19 00:02 amimas

@lukeapage - would you be able to provide a quick update? It's understandable if you don't have the bandwidth to maintain this project. Maybe others can help with the maintenance.

amimas avatar Feb 17 '19 15:02 amimas

Hi, not really... The problem is I don’t use it. @robatwilliams also has permission to merge, as I believe they use it.

lukeapage avatar Feb 18 '19 06:02 lukeapage

It is in use by the company I work for, as part of our website's publishing toolchain. While that toolchain is in regular use, it's "done" and working - not undergoing development at the moment. If an issue arises in this project that affects that toolchain, it'd probably be seen to fairly quickly.

If there's anything in particular that needs fixing, I'd be happy to try and find if we have someone who's not busy and who would be able to merge any PRs and do a release.

robatwilliams avatar Feb 18 '19 19:02 robatwilliams

@robatwilliams @lukeapage Hi there, there's something that needs fixing, yes: a moderate security flaw was discovered in marked, a dependency of this project. Please update it to v0.7.0.

~~Would it help if I made a PR?~~ Here's the PR that fixes it. Can one of you review/merge it?

dialex avatar Sep 19 '19 17:09 dialex

Hi, thanks for bringing this up. I'm not the owner of the repo, so didn't receive a security notification from GitHub.

We specify ^0.3.5, anyone installing it will get 0.7.0 so I'm not sure this is much of a concern for this project. Correct me if I'm wrong. So I don't see reason to do a release right now. Thanks for the PR.

I see there have been many breaking changes to marked since the 0.3.5 version that was originally installed in this project. I'm not sure how significant they are, given that the project isn't using semantic versioning.

robatwilliams avatar Sep 19 '19 18:09 robatwilliams

> We specify ^0.3.5, anyone installing it will get 0.7.0 so I'm not sure this is much of a concern for this project. Correct me if I'm wrong. So I don't see reason to do a release right now. Thanks for the PR.

Not really, with ^0.3.5 you will get all patch updates -- in this specific case you will get up to 0.3.19. The security flaw was only patched at 0.6.3. In the meantime, we are at risk.


dialex avatar Sep 19 '19 18:09 dialex
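The caret-range behaviour discussed in the two comments above, as an added example that is not part of the original thread or of the project's code: a small resolver following npm's documented caret rule (the left-most non-zero component is held fixed), used to check whether a declared range can reach the first fixed release. The function names and the version list are assumptions; the list is constructed from the version numbers quoted in the thread.

```javascript
// Added example: minimal caret-range resolver for plain MAJOR.MINOR.PATCH
// versions (no pre-release tags). Not the npm "semver" package.
const parse = (v) => v.split('.').map(Number);

const compare = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
};

// Caret permits changes that do not modify the left-most non-zero component,
// so for 0.x versions the minor number acts as the breaking-change boundary.
function caretBounds(range) {
  const [major, minor, patch] = parse(range.replace(/^\^/, ''));
  let upper;
  if (major > 0) upper = [major + 1, 0, 0];
  else if (minor > 0) upper = [0, minor + 1, 0];
  else upper = [0, 0, patch + 1];
  return { lower: [major, minor, patch].join('.'), upper: upper.join('.') };
}

function satisfies(version, range) {
  const { lower, upper } = caretBounds(range);
  return compare(version, lower) >= 0 && compare(version, upper) < 0;
}

function maxSatisfying(versions, range) {
  const ok = versions.filter((v) => satisfies(v, range)).sort(compare);
  return ok.length ? ok[ok.length - 1] : null;
}

// Can the declared range ever install a release at or above the fixed one?
function rangeReachesFix(versions, range, fixedIn) {
  const best = maxSatisfying(versions, range);
  return best !== null && compare(best, fixedIn) >= 0;
}

// Constructed sample: only the version numbers mentioned in the thread.
const published = ['0.3.5', '0.3.19', '0.6.3', '0.7.0'];

console.log(caretBounds('^0.3.5'));                         // range boundaries
console.log(maxSatisfying(published, '^0.3.5'));            // what gets installed
console.log(rangeReachesFix(published, '^0.3.5', '0.6.3')); // old declaration
console.log(rangeReachesFix(published, '^0.7.0', '0.6.3')); // after the bump
```
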

Let's continue this discussion on the PR, as it's not the subject of this issue.

robatwilliams avatar Sep 19 '19 18:09 robatwilliams

Hi, I did some work on updating all dependencies, migrating some code, and overall cleanup:

https://github.com/lukeapage/node-markdown-spellcheck/pull/135

Some of the tests on master do not work (due to weird usage of promises).

Recently we started using it at typescript-eslint and I'd like to hear some feedback about my changes.

armano2 avatar Dec 22 '19 21:12 armano2

Just FYI, I found what appears to be a maintained library that matches the functionality of this one: https://www.npmjs.com/package/spellchecker-cli

jeffgore00 avatar Mar 28 '21 18:03 jeffgore00