bin-wrapper uses bin-check (6 years old now) which uses execa 0.x that has security issues
Recently the bin-wrapper dependency was added, which then was modified to use the @mole-inc fork since that one is maintained.
This still uses bin-check which depends on execa 0.7 which has a vulnerability (OS Command Injection in execa)
https://www.npmjs.com/package/bin-check https://www.npmjs.com/package/execa
I've opened a ticket with mole-inc to see if they can fork bin-check as well and remove that old dependency https://github.com/mole-inc/bin-wrapper/issues/10
I would be interested in this as well
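To check whether a project pulls in execa 0.x through the chain described in this issue, the added example below (not code from this thread or from the projects it mentions) walks the `packages` map of a `package-lock.json` and reports every dependency chain that ends at an affected copy. The sample lockfile, its version numbers, and the names `resolveDep`, `findChains` and `isZeroMajor` are assumptions made for illustration.

```javascript
// Added example. The lockfile below is constructed sample data in the
// lockfileVersion 2/3 "packages" layout; all version numbers are illustrative.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-cli", dependencies: { "@mole-inc/bin-wrapper": "^1.0.0", execa: "^5.0.0" } },
    "node_modules/@mole-inc/bin-wrapper": { version: "1.0.0", dependencies: { "bin-check": "^4.1.0" } },
    "node_modules/bin-check": { version: "4.1.0", dependencies: { execa: "^0.7.0" } },
    "node_modules/bin-check/node_modules/execa": { version: "0.7.0" },
    "node_modules/execa": { version: "5.1.1" },
  },
};

// Node resolution: look in the dependant's own node_modules, then each ancestor's.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. a skipped optional dependency)
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Return every chain "a@1 > b@2 > target@x" whose last hop is an affected target.
function findChains(lock, target, isAffected) {
  const packages = lock.packages || {};
  const chains = [];
  const walk = (path, trail, seen) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies };
    if (path === "") Object.assign(deps, pkg.devDependencies); // dev deps only count at the root
    for (const name of Object.keys(deps)) {
      const depPath = resolveDep(packages, path, name);
      if (!depPath || seen.has(depPath)) continue; // missing dep or dependency cycle
      const step = `${name}@${packages[depPath].version}`;
      if (name === target && isAffected(packages[depPath].version)) {
        chains.push([...trail, step].join(" > "));
      }
      walk(depPath, [...trail, step], new Set(seen).add(depPath));
    }
  };
  walk("", [], new Set([""]));
  return chains;
}

// "execa 0.x" is the range named in the issue title.
const isZeroMajor = (version) => version.split(".")[0] === "0";
console.log(findChains(sampleLock, "execa", isZeroMajor));
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's `package-lock.json`. The walk enumerates each chain separately, so it is meant for a single target package rather than a full audit of a large tree.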