Skip to content

Is this project still alive - unfixed critical vulnerabilities in dependencies #60

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
BePo65 opened this issue Nov 14, 2024 · 5 comments
Open

Is this project still alive - unfixed critical vulnerabilities in dependencies #60

BePo65 opened this issue Nov 14, 2024 · 5 comments
Labels
dependencies Pull requests that update a dependency file question A question needs to be answered before progress can be made on this issue

Comments

@BePo65
Copy link

BePo65 commented Nov 14, 2024
edited
Loading

Running npm audit lists many vulnerabilities:

19 vulnerabilities (5 moderate, 6 high, 8 critical)

Since there are pull requests still open fixing some of these issues dating from 2022, it seems that this project is abandoned.

@indexzero : is it worth creating a fix for these issues? I would do this, only if we have a chance to get this project up to date on npmjs too.
@nelsonic nelsonic added the dependencies Pull requests that update a dependency file label Nov 19, 2024
@BePo65 BePo65 changed the title Is this project still alive - unfixed critical issues with versions of used packages Is this project still alive - unfixed critical vulnerabilities in dependencies Nov 26, 2024
@MikeMcC399 MikeMcC399 mentioned this issue Nov 28, 2024
Open
@BePo65 BePo65 mentioned this issue Nov 28, 2024
Open
@MikeMcC399

This comment was marked as resolved.

Sign in to view
@nelsonic nelsonic added the question A question needs to be answered before progress can be made on this issue label Nov 30, 2024
@nelsonic
Copy link
Collaborator

@MikeMcC399, I was granted write access back in the day. ✍️
So can assist with maintenance. 🧹
Starting with the CI side-quest: #61

@MikeMcC399
Copy link
Contributor

As discussed elsewhere, the last release was https://github.com/indexzero/ps-tree/releases/tag/1.2.0 in Nov 2018, so the answer is effectively that the project is no longer maintained if it does not have the ability to trigger new releases.

See also the npm registry version list https://www.npmjs.com/package/ps-tree?activeTab=versions

@indexzero
Copy link
Owner

This project is not dead. It's simply that – as John Lennon would say – "Open Source is what happens when you're busy making other plans."

Contributions are always welcome, but please forgive delays in my response. I started this project when I was single. I now have three kids.

I get many emails for Github issues which makes it hard to parse out the signal from the noise. Recently, I created a new email address for npm only which is npm@charlie.dev. If you need my attention that's the best place to get it <3

@MikeMcC399
Copy link
Contributor

@indexzero

Welcome back!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file question A question needs to be answered before progress can be made on this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@indexzero @nelsonic @BePo65 @MikeMcC399