Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Publish New NPM version for Node-Static

See original GitHub issue

Hey 👋 I notice its been a while since a new version of node-static has been pushed to NPM, and the version that currently exists there contains the package minimist which has a (github advisory) for it. This package was being used which is used by a package in this project called optimist. In this pull request, @brettz9 removed optimist to resolve this vulnerability. As a result, publishing a new version of node-static will ensure that all users of this package will use a safe version by default.

cc @cloudhead

Issue Analytics

  • State:open
  • Created 2 years ago
  • Reactions:17
  • Comments:12 (1 by maintainers)

github_iconTop GitHub Comments

2reactions
brettz9commented, Mar 31, 2022

If you look at https://www.npmjs.com/package/node-static , it was last published 4 years ago, and the latest version is 0.7.11.

If you use the “blame” feature for the file defining the version, you can see a commit from 12 months ago where it was changed from var to const (but still listing 0.7.9) at the time.

Thus, the version just hadn’t been updated despite subsequent releases up to 0.7.11

As to why there is a const, etc., there have been (many) changes on master since that time and we are awaiting a new publishing. The project owner still needs to give final approval on these changes, so these many changes have not been published to npm yet.

FWIW, some of the changes are available on my fork, @brettz9/node-static (using a different (smaller) versioning number as it is an independent project), but as the author of the regular node-static here eventually replied granting access to the project with openness to including my changes, I resumed work here.

0reactions
francoisihrycommented, Sep 27, 2022

Thank you @brettz9 we look forward for a new version to be released so that we can easily integrate the fix.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Updating your published package version number - npm Docs
To change the version number in package.json , on the command line, in the package root directory, run the following command, replacing <update_type>...
Read more >
node-static - npm
simple, compliant file streaming module for node. Latest version: 0.7.11, last published: 4 years ago. Start using node-static in your ...
Read more >
@types/node-static - npm
Latest version : 0.7.7, last published: a year ago. Start using @types/node-static in your project by running `npm i @types/node-static`.
Read more >
npm-publish - npm Docs
npm -publish. Publish a package. Select CLI Version: Version 8.19.3 (Legacy Release).
Read more >
npm-publish - npm Docs
Publish a package. ... npm-publish. Publish a package. Select CLI Version: ... By default, npm publish updates and npm install installs the latest...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Idea: expect(getAccessibilityTree(page)).toMatchInlineSnapshot()

Next page

New fork resolving vulnerabilities and incorporating most current PRs