Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

npm audit issue with underscore.string

See original GitHub issue

Not sure if this is an issue with this package to deal with or one lower, but I figured I’d start here. 😃 npm audit reveals two issues with this package related to underscore.string:

handlebars-helpers > helper-markdown > remarkable > argparse > underscore.string

Issue Analytics

State:
Created 5 years ago
Reactions:3
Comments:7 (7 by maintainers)

Top GitHub Comments

1reaction

jonschlinkertcommented, Feb 12, 2019

They are not using 1.0.0 of argparse, so the blame is with them. I think. 😉

argparse > underscore.string

The problem is without a doubt with argparse.

Newer versions of argparse might not be using underscore.string, but they should (and can easily) do a patch of an older version of argparse so that all users receive the patch. If it’s patched in argparse, then it will automatically be used in all downstream libraries unless they are version locked.

0reactions

jonschlinkertcommented, Feb 12, 2019

Yes, one would file an issue with argparse. If it’s not fixed in argparse, then every single minor and major version of every package that uses argparse will need to release a patch.

Edit: also, to be clear, this issue does not have any impact on handlebars-helpers, since the affected code is not used (argparse is only used in the remarkable CLI, which is not exposed anywhere on the API)