prebuild-install icon indicating copy to clipboard operation
prebuild-install copied to clipboard
verified publisher icon prebuild

Remove `rc` dependency

Open goatandsheep opened this issue 4 years ago • 2 comments

Would you want to want to switch to maintained forks like run-con?

goatandsheep avatar Dec 15 '21 02:12 goatandsheep

Thanks for taking the initiative. Note that in the context of prebuild-install, the fork doesn't fix known bugs and rc has no open vulnerabilities. I'm aware though of GHSA-g2q5-5433-rhrf. I doubt that moving ownership from one person to another single person is the long-term solution to protect against supply chain attacks. Switching dependencies here could be good for the short term, were it not for the fact that rc is not essential here. If we're gonna spend any time on this (prebuild-install itself has a replacement) it should be to just remove rc.

vweevers avatar Dec 16 '21 23:12 vweevers

+1 for removing rc altogether

ralphtheninja avatar Dec 17 '21 12:12 ralphtheninja