sync-exec; 1 sync-exec vulnerability found in package-lock.json

[steida]

npm list sync-exec
este@ /Users/steida/dev/este-typescript
└─┬ [email protected]
  └─┬ [email protected]
    └─┬ [email protected]
      └── [email protected]

Should not be used imho.

[divyenduz]

There is a regression in windows for npm-run (prisma/prisma#3517). We can upgrade this after this one is merged timoxley/npm-run#21

Or break the build for windows temporarily. Can you please confirm what the vulnerability is exactly and does it also affect CLI tools?

[steida]

I think it's not severe, because it's for local web development, but I am not an expert. I would wait, this issue can help the others meanwhile.

[tianhuil]

The regression is still around. Any ETA on fixing this?

$ npm list sync-exec
[email protected]
└─┬ [email protected]
  └─┬ [email protected]
    └─┬ [email protected]
      └── [email protected]