DEV Community

Discussion on: May 13th, 2021: What did you learn this week?

Nick Taylor

Puppet bird looking through binoculars

I’m curious which npm package it is and which dependency?

Tuana Celik

Alright, ready for this? So, it's a dependency of


(I was adding TS types to our npm package: https://www.npmjs.com/package/cumulio) And dts-gen has `yargs-parser` as a dependency. But that dependency is being flagged as vulnerable. And you can't fix it via npm audit because it's a dependency of a dependency. Seems I'm not the only one in this pickle, found many more: https://github.com/JeffreyWay/laravel-mix/issues/2389

BUT, since my types are already created now I think I can just remove dts-gen from my dependencies and call it a day? Not sure.. And then.. I gotta figure out how to upload a new version to npm 😂

I've come to the world of web dev from a low level C++ developer background and most of the time it feels like a breath of fresh air... Until NPM hits you with this 💩 still learning... :)
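An added example, not part of the original comments: one way to check which direct dependency pulls in a flagged transitive package and whether that chain is dev-only, by walking an npm lockfile in the `packages` layout. The lockfile contents, the root name `example-pkg`, and the function names `resolve`, `walk`, `findChains` and `shipsToConsumers` are assumptions made for illustration.

```javascript
// Constructed lockfile in the "packages" layout (lockfileVersion 2/3), modelling
// the chain described in the post; "example-pkg" is a hypothetical root name.
const sampleLock = { lockfileVersion: 2, packages: {
  "": { name: "example-pkg", devDependencies: { "dts-gen": "*" } },
  "node_modules/dts-gen": { dev: true, dependencies: { "yargs-parser": "*" } },
  "node_modules/yargs-parser": { dev: true },
} };

// Resolve `name` the way Node does from the package at `fromPath`: its own
// node_modules first, then each parent directory up to the root.
function resolve(pkgs, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (pkgs[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Depth-first walk that records every chain ending at `target`.
function walk(pkgs, path, target, trail, seen, out) {
  const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
  const chain = [...trail, name];
  if (name === target) { out.push(chain); return; }
  if (seen.has(path)) return; // dependency cycle, stop here
  const deps = { ...pkgs[path].dependencies, ...pkgs[path].optionalDependencies };
  for (const dep of Object.keys(deps)) {
    const next = resolve(pkgs, path, dep);
    if (next) walk(pkgs, next, target, chain, new Set(seen).add(path), out);
  }
}

// List chains to `target` per direct dependency, flagging devDependencies roots.
function findChains(lock, target) {
  const pkgs = lock.packages, root = pkgs[""] || {}, results = [];
  for (const [field, devOnly] of [["dependencies", false], ["devDependencies", true]]) {
    for (const direct of Object.keys(root[field] || {})) {
      const start = resolve(pkgs, "", direct), chains = [];
      if (start) walk(pkgs, start, target, [], new Set(), chains);
      for (const chain of chains) results.push({ direct, devOnly, chain });
    }
  }
  return results;
}

// True when at least one chain starts from a runtime ("dependencies") entry.
const shipsToConsumers = (lock, target) => findChains(lock, target).some((r) => !r.devOnly);
console.log(findChains(sampleLock, "yargs-parser"), shipsToConsumers(sampleLock, "yargs-parser"));
```

When every chain is dev-only, people who install the published package never receive the flagged dependency, because npm does not install a dependency's `devDependencies`.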