
[FEATURE] Recent update warning

Open IchiiDev opened this issue 2 years ago • 4 comments

This feature was suggested by Issue #80, I have implemented it on my fork. What has been asked is basically to add a warning if a package was pushed recently, to prevent package hijacking and malware.

What I have done to implement it:

  1. Every time a dependency is prompted, it will fetch https://registry.npmjs.com/:package to fetch the version's publication date
  2. Will check if 3 days have passed since the last publish
  3. If not then it will throw an error, a warning or an info telling the user the package was pushed recently and that they should be careful when upgrading.

This has been tested with some recently pushed packages and it works as expected. I will be available during the next few days to edit if any review requires changes.

IchiiDev avatar Jun 28 '22 08:06 IchiiDev
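A runnable sketch of the check described in the comment above, added here as an example and not taken from npm-upgrade or the fork. It assumes the full registry metadata document (the "packument", whose top-level `time` map records an ISO timestamp per version), the Node 18+ global `fetch`, and tier thresholds of its own choosing (younger than 1 day is an error, younger than 3 days a warning); the function names and the sample packument are constructed for this example.

```javascript
// Added example, not npm-upgrade's own code: classify how recently a version
// was published from the registry packument, the way the feature proposes.
const REGISTRY = "https://registry.npmjs.org"; // canonical public registry host
const DAY_MS = 24 * 60 * 60 * 1000;

// Tiers in days (this example's choice): < 1 day -> "error", < 3 days -> "warn".
const DEFAULT_TIERS = { error: 1, warn: 3 };

// Scoped names need the "/" percent-encoded in the registry path.
function packumentUrl(name) {
  return `${REGISTRY}/${name.replace("/", "%2F")}`;
}

// Fetch the full metadata document. The abbreviated document served for
// "application/vnd.npm.install-v1+json" omits "time", so ask for full JSON.
async function fetchPackument(name) {
  const res = await fetch(packumentUrl(name), {
    headers: { accept: "application/json" },
  });
  if (!res.ok) throw new Error(`registry returned ${res.status} for ${name}`);
  return res.json();
}

// Returns { level, ageDays, publishedAt } for `version`.
// level is "unknown" when the registry has no timestamp for that version,
// "error"/"warn" when the age is under the matching tier, otherwise "ok".
function classifyPublishAge(packument, version, now = Date.now(), tiers = DEFAULT_TIERS) {
  const stamp = packument.time && packument.time[version];
  const publishedAt = stamp ? Date.parse(stamp) : NaN;
  if (Number.isNaN(publishedAt)) {
    return { level: "unknown", ageDays: null, publishedAt: null };
  }
  // A timestamp in the future (clock skew) is treated as published just now.
  const ageDays = Math.max(0, (now - publishedAt) / DAY_MS);
  let level = "ok";
  if (ageDays < tiers.error) level = "error";
  else if (ageDays < tiers.warn) level = "warn";
  return { level, ageDays, publishedAt: stamp };
}

// Human-readable line for the prompt.
function describe(name, version, result) {
  const tag = `${name}@${version}`;
  if (result.level === "unknown") return `${tag}: no publish date in registry, cannot verify age`;
  const age = `published ${result.ageDays.toFixed(1)} days ago`;
  if (result.level === "ok") return `${tag}: ${age}`;
  return `${tag}: ${age}, upgrade with care [${result.level}]`;
}

// Constructed sample packument (not real registry data) so this runs offline.
const SAMPLE_PACKUMENT = {
  name: "example-pkg",
  "dist-tags": { latest: "1.1.0" },
  time: {
    created: "2022-06-01T00:00:00.000Z",
    modified: "2022-06-27T12:00:00.000Z",
    "1.0.0": "2022-06-01T00:00:00.000Z",
    "1.0.2": "2022-06-26T00:00:00.000Z",
    "1.1.0": "2022-06-27T12:00:00.000Z",
  },
};
const SAMPLE_NOW = Date.parse("2022-06-28T08:06:00.000Z");

for (const v of ["1.0.0", "1.0.2", "1.1.0", "9.9.9"]) {
  console.log(describe(SAMPLE_PACKUMENT.name, v, classifyPublishAge(SAMPLE_PACKUMENT, v, SAMPLE_NOW)));
}
```

Against a live registry you would replace `SAMPLE_PACKUMENT` with `await fetchPackument(name)`; note that the check looks at the timestamp of the version being upgraded to, not `time.modified`, since an unrelated tag or deprecation bump also touches `modified`.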

hi, @IchiiDev! PRs here are quite stuck, hence maybe make an independent project beginning from the fork? Seems that this one could be a nice start. I have a huge issue when being in bad network environments and almost cannot npm-upgrade at all, therefore willing to commit some code into there asap.

houd1ni avatar Dec 31 '22 04:12 houd1ni

I'm going to send an email directly to @th0r to suggest giving ownership/management to someone else, both on the npm registry and GitHub. If no answer ensues I will try and send a ticket to npm's support to request ownership due to inactivity. 😄

IchiiDev avatar Dec 31 '22 05:12 IchiiDev

> I'm going to send an email directly to @th0r to suggest giving ownership/management to someone else, both on the npm registry and GitHub. If no answer ensues I will try and send a ticket to npm's support to request ownership due to inactivity. 😄

Nice! Tag me here, please, with any news!

houd1ni avatar Dec 31 '22 05:12 houd1ni

@IchiiDev hi! Any news?

houd1ni avatar Jan 14 '23 05:01 houd1ni