You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'd take that warning with a grain of salt.
Just because a package hasn't been updated in a while, is that really a problem?
I've been writing code for Node.js for more than a decade now, and the child_process API has been quite stable for a while.
It's probably why spawn-command didn't need to update either.
On another note, we briefly played with using a different package to spawn commands between v3.0.0 to v3.2.0.
It was causing a couple of issues, so if we're to use a different package at all -- I'd like it to address #69. cc @paescuj
An old package itself is not a problem as long as it doesn't pull in any dependencies itself which become outdated, contain CVEs etc. Doesn't seem to be an issue with spawn-command from a quick look into our lockfile.
I simply opened this issue to raise awareness about it. If it is looked at and the conclusion is that everything is fine, even better :)
We recently started using https://socket.dev/ as part of our dependencies maintenance and it flagged
spawn-command
as problematic due to it being unmaintained: https://socket.dev/npm/package/spawn-commandThe last release was 8 years ago, so there's probably other solutions out there or even can be written with native Node.js nowadays.
The text was updated successfully, but these errors were encountered: