npm-run-all

high severity vulnerability in cross-spawn

Open grybykm opened this issue 1 year ago • 3 comments

```
# npm audit report

cross-spawn  <7.0.5
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
```

"npm-run-all": "^4.1.5"

grybykm avatar Nov 18 '24 12:11 grybykm

```json
"overrides": {
  "cross-spawn": "~7.0.5"
}
```

Not a long-term fix by any means, but the above will address the issue in the absence of the fix.

soluml avatar Nov 18 '24 13:11 soluml
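
To confirm that an `overrides` entry like the one above replaced every installed copy, this added example (not code from this thread or from npm-run-all) scans a `package-lock.json` `packages` map for `cross-spawn` versions below the 7.0.5 threshold named in the audit report. The lockfile objects, their version numbers and the function names are constructed for illustration.

```javascript
// Added example: check whether the "overrides" workaround reached every copy.
// Threshold 7.0.5 is taken from the audit report ("cross-spawn <7.0.5").

// Parse "major.minor.patch" into numbers; prerelease/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// True when version a is strictly lower than version b.
function isBelow(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// List every installed copy of `name` whose version is below `fixed`.
// Expects the lockfileVersion 2/3 layout, where "packages" is keyed by path.
function findOutdated(lockfile, name = 'cross-spawn', fixed = '7.0.5') {
  const hits = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    // Keys look like "node_modules/a/node_modules/b"; the last segment is the package.
    const installed = path.split('node_modules/').pop();
    if (installed === name && entry.version && isBelow(entry.version, fixed)) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Constructed lockfiles (not from a real project). In the first, a patched
// top-level copy sits beside an older copy nested under npm-run-all.
const beforeOverride = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app' },
  'node_modules/cross-spawn': { version: '7.0.6' },
  'node_modules/npm-run-all': { version: '4.1.5' },
  'node_modules/npm-run-all/node_modules/cross-spawn': { version: '6.0.5' },
} };
const afterOverride = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app' },
  'node_modules/cross-spawn': { version: '7.0.6' },
  'node_modules/npm-run-all': { version: '4.1.5' },
} };

console.log('before:', findOutdated(beforeOverride));
console.log('after: ', findOutdated(afterOverride));
```

Checking the lockfile rather than only the top-level `node_modules/cross-spawn` matters because a nested copy under a dependency can remain at an older version while the hoisted copy is already patched.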

Is this project still maintained?

ramicohen303 avatar Nov 18 '24 16:11 ramicohen303

> Is this project still maintained?

Wondering the same thing

TannerS avatar Nov 18 '24 18:11 TannerS

> Is this project still maintained?

Nope it is not, this one is though:

https://www.npmjs.com/package/npm-run-all2

It seems like there have been multiple attempts to reach out to @mysticatea but he does not seem to reply. He is still committing to repos and on those repos I see people discussing ownership of eslint-plugins as well. Seems like he just does not read his messages.

Jasperrr91 avatar Aug 21 '25 10:08 Jasperrr91