Peeyush Kushwaha

The issue is fixed for me (I use npm + package-lock) through this patch ``` diff --git a/node_modules/patch-package/dist/getPackageResolution.js b/node_modules/patch-package/dist/getPackageResolution.js index bc7ffaa..287a2f1 100644 --- a/node_modules/patch-package/dist/getPackageResolution.js +++ b/node_modules/patch-package/dist/getPackageResolution.js @@ -65,7 +65,7 @@...

It would be good to have separate places for discussion of hack and F#-style proposals. I believe that earlier hack-style was being discussed at https://github.com/js-choi/proposal-hack-pipes/ Should F#-style proposal related discussions...

> Install scripts that can run just about anything by default pose some pretty serious security considerations Since this presupposes that the package you're installing might have malicious code, how...

> For example, if a package-lock.json is present then you can don't need to require the flag. This is because there is no danger of picking up a random patch...

> The goal of this RFC is explicitly to handle a unique class of "passive" threats that exist by simply being present in the dependency chain. This can make them...

I was thinking that another strategy for this could be that we maintain a map of registered links where keys are the text within [...] and the link is specified....

A bigger issue is that this silently fails. Versions: ``` Elasticsearch: 7 "winston": "^3.2.1", "winston-elasticsearch": "0.15.5" ``` I had to deduce that the problem was actually here with a lot...

This is a flaky bug. It sometimes happens and sometimes doesn't. Anyways, the problem goes away if I create the template myself.

Anything blocking this from being merged?

I'd like to request that this be re-opened. This issue does fit with my workflow, but despite my own workflow, the main reason I think this should be provided is...