
@oclif/plugin-plugins is using outdated package @npmcli/move-file

Open prasad0612 opened this issue 2 months ago • 1 comments

Describe the bug Our third-party code scan flagged a security vulnerability that @oclif/plugin-plugins -> npm -> @npmcli/arborist -> @npmcli/move-file has reached end of life. I tried installing the latest @oclif/plugin-plugins, but it is still downloading @npmcli/move-file into the node_modules folder.

To Reproduce Steps to reproduce the behavior: Just install the latest @oclif/plugin-plugins and check the node_modules folder for the @npmcli/move-file library.

Expected behavior @oclif/plugin-plugins should not use @npmcli/move-file; it should use @npmcli/fs. Or upgrade the npm dependency, maybe.

Screenshots If applicable, add screenshots to help explain your problem.

Environment (please complete the following information):

  • OS & version: Any OS.

Additional context Add any other context about the problem here.

prasad0612, Oct 13 '25 10:10
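The check described in the report can be automated by tracing the dependency chain in `package-lock.json` instead of browsing `node_modules`. The following is an added example, not part of the original issue or the oclif project's code. It assumes an npm lockfile in the v2/v3 layout (a `packages` map keyed by install path); `resolve`, `whyInstalled` and `SAMPLE_LOCK` are hypothetical names, and the sample lockfile with its version strings and deprecation text is constructed.

```javascript
// Added example: explain why a package is installed, using the lockfile's "packages" map.
// Node-style lookup: the requirer's own node_modules first, then each enclosing one.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // already checked the project root
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

function whyInstalled(lock, target) {
  const packages = lock.packages || {};
  const parents = {}; // resolved install path -> paths of packages that require it
  for (const [path, entry] of Object.entries(packages)) {
    const deps = { ...entry.dependencies, ...entry.optionalDependencies,
                   ...(path === "" ? entry.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const hit = resolve(packages, path, name);
      if (hit) (parents[hit] = parents[hit] || []).push(path);
    }
  }
  const nameOf = (p) => (p === "" ? "(root)" : p.split("node_modules/").pop());
  const results = [];
  for (const path of Object.keys(packages)) {
    if (nameOf(path) !== target) continue;
    // Breadth-first walk up the "required by" edges until the root project is reached.
    const queue = [[path]], seen = new Set([path]);
    let chain = null;
    while (queue.length && !chain) {
      const trail = queue.shift();
      if (trail[0] === "") { chain = trail; break; }
      for (const p of parents[trail[0]] || [])
        if (!seen.has(p)) { seen.add(p); queue.push([p, ...trail]); }
    }
    results.push({ path, version: packages[path].version,
                   deprecated: packages[path].deprecated || null,
                   chain: chain ? chain.map(nameOf) : null });
  }
  return results;
}

// Constructed sample lockfile mirroring the chain in the report; versions are placeholders.
const V = "0.0.0-example";
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { dependencies: { "@oclif/plugin-plugins": "*" } },
  "node_modules/@oclif/plugin-plugins": { version: V, dependencies: { npm: "*" } },
  "node_modules/npm": { version: V, dependencies: { "@npmcli/arborist": "*" } },
  "node_modules/npm/node_modules/@npmcli/arborist": { version: V, dependencies: { "@npmcli/move-file": "*" } },
  "node_modules/npm/node_modules/@npmcli/move-file": { version: V, deprecated: "constructed deprecation notice" } } };

console.log(whyInstalled(SAMPLE_LOCK, "@npmcli/move-file").map((r) => r.chain.join(" > ")));
```

To run it against a real project, pass the parsed contents of its `package-lock.json` as the first argument. `npm ls @npmcli/move-file` reports the same chain from an installed tree.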

This issue has been linked to a new work item: W-19880985

git2gus[bot], Oct 13 '25 11:10