Replace optimist or otherwise avoid its vulnerability
The dependency optimist depends on a vulnerable version of minimist (see https://npmjs.com/advisories/1179).
Despite having an issue and PR filed with optimist, since the last commit on optimist was 6 years ago, and since the package is deprecated (and it has also been awaiting a fix for a proper license specifier, making automated license audits problematic in the interim), it’d be really nice if you could drop the optimist dependency, perhaps using one of its suggested replacements (yargs, nomnom, or using minimist directly, though if the latter, I’d hope pegging against the maintained major bump).
(I personally like command-line-args, as one can use it with command-line-usage or my command-line-publish/command-line-basics tools to get documentation (both at the command line and as SVG, allowing embedding in a README) from a simple declarative schema.)
Thanks!
Issue Analytics
- Created 4 years ago
- Reactions: 7
- Comments: 8

@debrice: Yes, thank you, but not every project is using Yarn.
Bump