Project dead/unmaintained? Please archive 🙏🏼 #51

Open
svenjacobs opened this issue Mar 8, 2023 · 2 comments

@svenjacobs

Hello, it seems this project is dead/unmaintained? Last commit was five years ago. There was never a version beyond 1.0.0, which was released on Jan 22, 2018. There are a few open issues and feature requests. Although the application may still work as expected, five years of no updates also means five-year-old npm dependencies. This is the output of npm audit:

# npm audit report

ajv  <6.12.3
Severity: moderate
Prototype Pollution in Ajv - https://github.com/advisories/GHSA-v88g-cgmw-v5xw
fix available via `npm audit fix`
node_modules/ajv
  har-validator  3.3.0 - 5.1.0
  Depends on vulnerable versions of ajv
  node_modules/har-validator
    request  >=2.16.0
    Depends on vulnerable versions of extend
    Depends on vulnerable versions of har-validator
    Depends on vulnerable versions of hawk
    Depends on vulnerable versions of http-signature
    Depends on vulnerable versions of qs
    Depends on vulnerable versions of stringstream
    node_modules/request
      coveralls  2.8.0 - 2.13.3
      Depends on vulnerable versions of js-yaml
      Depends on vulnerable versions of minimist
      Depends on vulnerable versions of request
      node_modules/coveralls

ansi-regex  3.0.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/nyc/node_modules/string-width/node_modules/ansi-regex
  strip-ansi  
  Depends on vulnerable versions of ansi-regex
  node_modules/nyc/node_modules/string-width/node_modules/strip-ansi
    string-width  2.1.0 - 2.1.1
    Depends on vulnerable versions of strip-ansi
    node_modules/nyc/node_modules/string-width

braces  <=2.3.0
Regular Expression Denial of Service in braces - https://github.com/advisories/GHSA-g95f-p29q-9xw4
Regular Expression Denial of Service (ReDoS) in braces - https://github.com/advisories/GHSA-cwfw-4gq5-mrqx
Depends on vulnerable versions of expand-range
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/nyc/node_modules/braces
  micromatch  0.2.0 - 2.3.11
  Depends on vulnerable versions of braces
  Depends on vulnerable versions of parse-glob
  node_modules/nyc/node_modules/micromatch
    nyc  5.0.0 - 13.3.0
    Depends on vulnerable versions of micromatch
    Depends on vulnerable versions of mkdirp
    Depends on vulnerable versions of test-exclude
    Depends on vulnerable versions of yargs-parser
    node_modules/nyc
    test-exclude  <=4.2.3
    Depends on vulnerable versions of micromatch
    node_modules/nyc/node_modules/test-exclude

cryptiles  <=4.1.1
Severity: critical
Insufficient Entropy in cryptiles - https://github.com/advisories/GHSA-rq8g-5pc5-wrhr
Depends on vulnerable versions of boom
fix available via `npm audit fix`
node_modules/cryptiles
  hawk  <=9.0.0
  Depends on vulnerable versions of boom
  Depends on vulnerable versions of cryptiles
  Depends on vulnerable versions of hoek
  Depends on vulnerable versions of sntp
  node_modules/hawk

diff  <3.5.0
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-h6ch-v84p-w6p9
fix available via `npm audit fix`
node_modules/diff
  mocha  0.14.0 - 6.2.2 || 7.0.0-esm1 - 7.1.0
  Depends on vulnerable versions of diff
  Depends on vulnerable versions of glob
  Depends on vulnerable versions of mkdirp
  node_modules/mocha
  ts-node  <=1.3.0
  Depends on vulnerable versions of diff
  Depends on vulnerable versions of minimist
  Depends on vulnerable versions of mkdirp
  node_modules/ts-node
  tslint  3.4.0-dev.1 - 4.0.0-dev.3
  Depends on vulnerable versions of diff
  Depends on vulnerable versions of glob
  Depends on vulnerable versions of js-yaml
  Depends on vulnerable versions of minimatch
  Depends on vulnerable versions of resolve
  node_modules/tslint

extend  3.0.0 - 3.0.1
Severity: moderate
Prototype Pollution in extend - https://github.com/advisories/GHSA-qrmc-fj45-qfc2
fix available via `npm audit fix`
node_modules/extend

glob-parent  <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/nyc/node_modules/glob-parent
  glob-base  *
  Depends on vulnerable versions of glob-parent
  node_modules/nyc/node_modules/glob-base
    parse-glob  >=2.1.0
    Depends on vulnerable versions of glob-base
    node_modules/nyc/node_modules/parse-glob

handlebars  <=4.7.6
Severity: critical
Prototype Pollution in handlebars - https://github.com/advisories/GHSA-q42p-pg8m-cqh6
Arbitrary Code Execution in handlebars - https://github.com/advisories/GHSA-q2c6-c6pm-g3gh
Prototype Pollution in handlebars - https://github.com/advisories/GHSA-g9r4-xpmj-mj65
Arbitrary Code Execution in handlebars - https://github.com/advisories/GHSA-2cf5-4w76-r9qv
Denial of Service in handlebars - https://github.com/advisories/GHSA-f52g-6jhx-586p
Remote code execution in handlebars when compiling templates - https://github.com/advisories/GHSA-f2jv-r9rf-7988
Prototype Pollution in handlebars - https://github.com/advisories/GHSA-w457-6q6x-cgp9
Prototype Pollution in handlebars - https://github.com/advisories/GHSA-765h-qjxv-5f44
Arbitrary Code Execution in Handlebars - https://github.com/advisories/GHSA-3cqr-58rm-57f8
Regular Expression Denial of Service in Handlebars - https://github.com/advisories/GHSA-62gr-4qp9-h98f
Depends on vulnerable versions of optimist
fix available via `npm audit fix`
node_modules/nyc/node_modules/handlebars
  istanbul-reports  
  Depends on vulnerable versions of handlebars
  node_modules/nyc/node_modules/istanbul-reports


hoek  <4.2.1
Severity: moderate
Prototype Pollution in hoek - https://github.com/advisories/GHSA-jp4x-w63m-7wgm
fix available via `npm audit fix`
node_modules/hoek
  boom  <=3.1.2
  Depends on vulnerable versions of hoek
  node_modules/boom
  node_modules/cryptiles/node_modules/boom
  sntp  0.0.0 || 0.1.1 - 2.0.0
  Depends on vulnerable versions of hoek
  node_modules/sntp

hosted-git-info  <2.8.9
Severity: moderate
Regular Expression Denial of Service in hosted-git-info - https://github.com/advisories/GHSA-43f8-2h32-f4cj
fix available via `npm audit fix`
node_modules/nyc/node_modules/hosted-git-info
  normalize-package-data  
  Depends on vulnerable versions of hosted-git-info
  node_modules/nyc/node_modules/normalize-package-data
    read-pkg  
    Depends on vulnerable versions of normalize-package-data
    node_modules/nyc/node_modules/read-pkg

js-yaml  <=3.13.0
Severity: high
Denial of Service in js-yaml - https://github.com/advisories/GHSA-2pr6-76vf-7546
Code Injection in js-yaml - https://github.com/advisories/GHSA-8j8c-7jfh-h6hx
fix available via `npm audit fix`
node_modules/js-yaml

json-schema  <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/json-schema
  jsprim  0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
  Depends on vulnerable versions of json-schema
  node_modules/jsprim

lodash  <=4.17.20
Severity: critical
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-4xc9-xhrj-v574
Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-29mw-wpgm-hmr9
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
fix available via `npm audit fix`
node_modules/nyc/node_modules/lodash
  babel-generator  <=6.8.0 || 6.26.0 - 6.26.1
  Depends on vulnerable versions of babel-types
  Depends on vulnerable versions of lodash
  node_modules/nyc/node_modules/babel-generator
    istanbul-lib-instrument  
    Depends on vulnerable versions of babel-generator
    Depends on vulnerable versions of babel-template
    Depends on vulnerable versions of babel-traverse
    Depends on vulnerable versions of babel-types
    node_modules/nyc/node_modules/istanbul-lib-instrument
  babel-template  <=6.8.0 || 6.26.0
  Depends on vulnerable versions of babel-traverse
  Depends on vulnerable versions of babel-types
  Depends on vulnerable versions of lodash
  node_modules/nyc/node_modules/babel-template
  babel-traverse  <=6.8.0 || 6.26.0
  Depends on vulnerable versions of babel-types
  Depends on vulnerable versions of lodash
  node_modules/nyc/node_modules/babel-traverse
  babel-types  <=6.8.1
  Depends on vulnerable versions of lodash
  node_modules/nyc/node_modules/babel-types

mem  <4.0.0
Severity: moderate
Denial of Service in mem - https://github.com/advisories/GHSA-4xcv-9jjx-gfj3
fix available via `npm audit fix`
node_modules/nyc/node_modules/mem
  os-locale  2.0.0 - 3.0.0
  Depends on vulnerable versions of mem
  node_modules/nyc/node_modules/os-locale
    yargs  8.0.0-candidate.0 - 12.0.5
    Depends on vulnerable versions of os-locale
    Depends on vulnerable versions of string-width
    Depends on vulnerable versions of y18n
    Depends on vulnerable versions of yargs-parser
    node_modules/nyc/node_modules/yargs

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch
node_modules/nyc/node_modules/minimatch
  glob  3.0.0 - 5.0.14
  Depends on vulnerable versions of minimatch
  node_modules/glob
  node_modules/nyc/node_modules/glob
    rimraf  2.3.0 - 2.4.1
    Depends on vulnerable versions of glob
    node_modules/nyc/node_modules/rimraf

minimist  <=0.2.3 || 1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/minimist
node_modules/mkdirp/node_modules/minimist
node_modules/nyc/node_modules/minimist
  mkdirp  0.4.1 - 0.5.1
  Depends on vulnerable versions of minimist
  node_modules/mkdirp
  node_modules/nyc/node_modules/mkdirp
    caching-transform  
    Depends on vulnerable versions of mkdirp
    node_modules/nyc/node_modules/caching-transform
    find-cache-dir  
    Depends on vulnerable versions of mkdirp
    node_modules/nyc/node_modules/find-cache-dir
    istanbul-lib-source-maps  
    Depends on vulnerable versions of mkdirp
    node_modules/nyc/node_modules/istanbul-lib-source-maps
    spawn-wrap  
    Depends on vulnerable versions of mkdirp
    node_modules/nyc/node_modules/spawn-wrap
  optimist  >=0.6.0
  Depends on vulnerable versions of minimist
  node_modules/nyc/node_modules/optimist

path-parse  <1.0.7
Severity: moderate
Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9
fix available via `npm audit fix`
node_modules/nyc/node_modules/path-parse
node_modules/path-parse
  istanbul-lib-report  
  Depends on vulnerable versions of mkdirp
  Depends on vulnerable versions of path-parse
  node_modules/nyc/node_modules/istanbul-lib-report
  resolve  
  Depends on vulnerable versions of path-parse
  node_modules/resolve

pathval  <1.1.1
Severity: high
Prototype pollution in pathval - https://github.com/advisories/GHSA-g6ww-v8xp-vmwg
fix available via `npm audit fix`
node_modules/pathval
  chai  
  Depends on vulnerable versions of pathval
  node_modules/chai

qs  6.5.0 - 6.5.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/qs

randomatic  <3.0.0
Cryptographically Weak PRNG in randomatic - https://github.com/advisories/GHSA-6g33-f262-xjp4
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/nyc/node_modules/randomatic
  fill-range  1.0.0 - 2.2.3
  Depends on vulnerable versions of randomatic
  node_modules/nyc/node_modules/fill-range
    expand-range  1.0.0 - 1.7.0
    Depends on vulnerable versions of fill-range
    node_modules/nyc/node_modules/expand-range

sshpk  <1.13.2
Severity: high
Regular Expression Denial of Service in sshpk - https://github.com/advisories/GHSA-2m39-62fm-q8r3
fix available via `npm audit fix`
node_modules/sshpk
  http-signature  
  Depends on vulnerable versions of jsprim
  Depends on vulnerable versions of sshpk
  node_modules/http-signature

stringstream  <0.0.6
Severity: moderate
Out-of-bounds Read in stringstream - https://github.com/advisories/GHSA-mf6x-7mm4-x2g7
fix available via `npm audit fix`
node_modules/stringstream

y18n  <3.2.2
Severity: high
Prototype Pollution in y18n - https://github.com/advisories/GHSA-c4w7-xm78-47vh
fix available via `npm audit fix`
node_modules/nyc/node_modules/y18n

yargs-parser  6.0.0 - 13.1.1
Severity: moderate
yargs-parser Vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-p9pc-299p-vxgp
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/nyc/node_modules/yargs-parser

65 vulnerabilities (5 low, 15 moderate, 25 high, 20 critical)

If there will be no further development, please archive the project so that we're aware of its state 🙏🏼

@pioug

pioug commented Nov 8, 2023

@alexjlockwood I am not an Android dev, but as a web dev, I can help with the basic chores to keep the package in shape if you accept.

@Drjacky

Drjacky commented Dec 3, 2023

@pioug Feel free to take a look at https://github.com/Drjacky/Avocado/
