bin-wrapper is not maintained, can we depend on something else?
peterbe opened this issue · comments
Peter Bengtsson commented
I'm new to this project and don't know much about the community behind it.
But I'm concerned about security vulnerability reports coming from deep dependencies. In particular semver-regex.
This is how it gets used:
```
❯ npm ls semver-regex
...
└─┬ imagemin-gifsicle@7.0.0
  └─┬ gifsicle@5.3.0
    └─┬ bin-wrapper@4.1.0
      └─┬ bin-version-check@4.0.0
        └─┬ bin-version@3.1.0
          └─┬ find-versions@3.2.0
            └── semver-regex@2.0.0
```
Poking around, it seems the buck stops with bin-wrapper.
Last commit on that repo was November 2018.
Can we omit/replace bin-wrapper and use something more maintained?
Peter Bengtsson commented
Perhaps https://www.npmjs.com/package/@mole-inc/bin-wrapper
This is a fork of kevva/bin-wrapper.
...it says :)
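
Added example, not part of the original issue or of any project named in it: a small Node.js walk over the JSON form of the `npm ls semver-regex` output from the first comment (`npm ls semver-regex --json`). For each path to the flagged package it reports which direct dependency pulls it in and which package actually requires it. The tree below is constructed from the versions listed in the issue; the root name `example-project` is a placeholder.

```javascript
// Constructed sample in the shape of `npm ls semver-regex --json` output.
// Package names and versions are the ones listed in the issue; the root
// project name "example-project" is a placeholder.
const sampleTree = {
  name: "example-project",
  version: "0.0.0",
  dependencies: {
    "imagemin-gifsicle": { version: "7.0.0", dependencies: {
      gifsicle: { version: "5.3.0", dependencies: {
        "bin-wrapper": { version: "4.1.0", dependencies: {
          "bin-version-check": { version: "4.0.0", dependencies: {
            "bin-version": { version: "3.1.0", dependencies: {
              "find-versions": { version: "3.2.0", dependencies: {
                "semver-regex": { version: "2.0.0" },
              } },
            } },
          } },
        } },
      } },
    } },
  },
};

// Depth-first walk that returns every dependency chain ending at `target`.
function findChains(node, target, trail = []) {
  const chains = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...trail, { name, version: dep.version }];
    if (name === target) chains.push(here);
    chains.push(...findChains(dep, target, here));
  }
  return chains;
}

// Summarise each chain: the direct dependency declared in package.json,
// the package that actually requires the target, and how deep it sits.
function summarise(tree, target) {
  return findChains(tree, target).map((chain) => ({
    direct: chain[0].name,
    requiredBy: chain.length > 1 ? chain[chain.length - 2].name : tree.name,
    found: `${target}@${chain[chain.length - 1].version}`,
    depth: chain.length,
    path: chain.map((p) => `${p.name}@${p.version}`).join(" > "),
  }));
}

console.log(summarise(sampleTree, "semver-regex"));
```

Running the same functions over the real JSON output lists every path at once, which shows whether replacing a single package in the chain removes all of them.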