graphdoc icon indicating copy to clipboard operation
graphdoc copied to clipboard
verified publisher icon 2fd

dependency on insecure abandoned module

Open ckolderup opened this issue 7 years ago • 0 comments

Hi,

This library has a dependency on the module slug, which is currently subject to a node security advisory. Looking at the project's Github repo, it does not appear that the maintainer is still around-- their last activity on the repo was in April of 2015, nearly 3 years ago.

Would it be possible to switch to a different dependency? Here are a couple alternatives based on some preliminary research:

  • https://www.npmjs.com/package/limax
  • https://www.npmjs.com/package/mollusc

Thanks!

ckolderup avatar Feb 28 '18 16:02 ckolderup