
Replace optimist or otherwise avoid its vulnerability


The dependency optimist depends on a vulnerable version of minimist (see https://npmjs.com/advisories/1179).

Despite having an issue and PR filed with optimist, since the last commit on optimist was 6 years ago, and since the package is deprecated (and it has also been awaiting a fix for a proper license specifier, making automated license audits problematic in the interim), it’d be really nice if you could drop the optimist dependency, perhaps using one of its suggested replacements (yargs, nomnom, or using minimist directly, though if the latter, I’d hope pegging against the maintained major bump).

(I personally like command-line-args, as one can use it with command-line-usage or my command-line-publish/command-line-basics tools to get documentation (both at the command line and as SVG, allowing embedding in a README) from a simple declarative schema.)

Thanks!

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Reactions: 7
  • Comments: 8
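
To check where minimist enters a dependency tree and whether the path runs through optimist, as the issue above describes, this added example (not part of the original issue or of the project's code) walks a lockfile and lists each chain with the minimist version it resolves to. It assumes the `package-lock.json` v1 shape (`requires` plus nested `dependencies`); the sample lockfile, the names `example-cli` and `other-tool`, and all version numbers are constructed.

```javascript
// Constructed sample in package-lock.json v1 shape; "example-cli", "other-tool"
// and every version number here are made up for illustration.
const sampleLock = {
  dependencies: {
    "example-cli": { version: "1.0.0", requires: { optimist: "~0.6.1" } },
    optimist: { version: "0.6.1", requires: { minimist: "~0.0.1" } },
    minimist: { version: "0.0.10" },
    "other-tool": { version: "2.0.0", requires: { minimist: "^1.2.0" },
      dependencies: { minimist: { version: "1.2.5" } } },
  },
};
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Resolve a package name the way Node does: innermost node_modules scope first.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    if (own(scopes[i], name)) {
      return { entry: scopes[i][name], scopes: scopes.slice(0, i + 1) };
    }
  }
  return null; // not installed, e.g. a skipped optional dependency
}

// List every path from a direct dependency down to `target`, together with the
// version of `target` that this particular path resolves to.
function findChains(lock, directDeps, target) {
  const results = [];
  const walk = (name, found, trail) => {
    if (trail.includes(name)) return; // cycle guard
    const path = [...trail, name];
    if (name === target) {
      results.push({ path, version: found.entry.version });
      return;
    }
    const nested = found.entry.dependencies;
    const scopes = nested ? [...found.scopes, nested] : found.scopes;
    for (const dep of Object.keys(found.entry.requires || {})) {
      const next = resolve(dep, scopes);
      if (next) walk(dep, next, path);
    }
  };
  for (const name of directDeps) {
    const found = resolve(name, [lock.dependencies || {}]);
    if (found) walk(name, found, []);
  }
  return results;
}
const chains = findChains(sampleLock, ["example-cli", "other-tool"], "minimist");
for (const c of chains) console.log(`${c.path.join(" > ")} @ ${c.version}`);
```

Chains that include `optimist` are the ones that only go away when the direct dependency drops or replaces it; compare each reported version against the fixed versions listed in the advisory linked in the issue.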

Top GitHub Comments

3 reactions
brettz9 commented, Apr 25, 2020

@debrice: Yes, thank you, but not every project is using Yarn.

1 reaction
dscham commented, May 22, 2020

Bump
