bin-wrapper is not maintained, can we depend on something else? #147

peterbe · 2023-09-20T16:44:42Z

👋 I'm new to this project and don't know much about the community behind it.
But I'm concerned about security vulnerability reports coming from deep dependencies. In particular semver-regex

This is how it gets used:

❯ npm ls semver-regex
...
└─┬ [email protected]
  └─┬ [email protected]
    └─┬ [email protected]
      └─┬ [email protected]
        └─┬ [email protected]
          └─┬ [email protected]
            └── [email protected]

Poking around, it seems the buck stops with bin-wrapper.
Last commit on that repo was November 2018.

Can we omit/replace bin-wrapper and use something more maintained?

The text was updated successfully, but these errors were encountered:

peterbe · 2023-09-20T16:51:48Z

Perhaps https://www.npmjs.com/package/@mole-inc/bin-wrapper

This is a fork of kevva/bin-wrapper.

...it says :)

Fixes imagemin#147

peterbe added a commit to peterbe/gifsicle-bin that referenced this issue Sep 20, 2023

switch to @mole-inc/bin-wrapper

0d44d52

Fixes imagemin#147

peterbe linked a pull request Sep 20, 2023 that will close this issue

Switch to @mole-inc/bin-wrapper #148

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bin-wrapper is not maintained, can we depend on something else? #147

bin-wrapper is not maintained, can we depend on something else? #147

peterbe commented Sep 20, 2023

peterbe commented Sep 20, 2023

bin-wrapper is not maintained, can we depend on something else? #147

bin-wrapper is not maintained, can we depend on something else? #147

Comments

peterbe commented Sep 20, 2023

peterbe commented Sep 20, 2023