[project] Unused npm-watch dependency #200

Open
miqmago opened this issue Sep 4, 2023 · 3 comments

Comments

miqmago commented Sep 4, 2023

The @trapezedev/project depends on npm-watch but it seems not to be used anywhere.

npm-watch seems not to be regularly maintained. npm-watch depends on nodemon@^2.0.7 (06/01/2021).
Right now nodemon is 3.0.1.

On an npm audit fix it raises a Severity: moderate

Maybe this dependency could be removed if not used anywhere.

chacabuk commented Sep 7, 2023

Depends too on mergexml that seems not to be regularly maintained and depends on deprecated "formidable": "^1.2.1"

Ericlm commented Sep 28, 2023

Just wanted to give support to this issue, as npm-watch is blocking updates of nodemon, and triggers vulnerability warning :)

Ericlm commented Apr 30, 2024

npm-watch received a recent release to address the nodemon dependency.
However, as @trapezedev/project is using npm-watch from 0.9.0 instead of 0.12.0, it continues to trigger audit warnings.
I think the simplest way is to remove the dependency as suggested, or at least upgrade npm-watch to ^0.12.0
