Remove Vorpal.js dependency #9
Comments
|
Tried forking Vorpal to upgrade dependencies, but there's too many and pretty much all of them go up several major versions. |
|
The vulnerable dependency specifically is an old version of Though this is a major version mismatch, nothing seems to break on night-patrol so seems to be safe. |
|
Terminal Kit looks like a good alternative. |
|
I tried migrating to TerminalKit by replicating Vorpal's interface. It's a lot of work. Terminal Kit is low-level and has some weird behaviour with input capturing. e.g. I couldn't figure out how to CTRL+C to send a SIGINT. Also it seems to need some clean up so the terminal isn't left in a "bad state". A lot of terminal-related behaviour to learn. Not sure if it's worth going through that, vs. attempting to maintain Vorpal. I'll try forking Vorpal first as generally it seems like a more convenient tool. If I am replicated its interface in another tool, I might aswell try to do it inside-out. |
Vorpal.js is barely maintained and has out of date dependencies, some with security alerts (though it's mitigated by using more recent versions in night-patrol since they're caret versions).
Vorpal is just a layer over Inquirer so it can switch to that with some work.
The text was updated successfully, but these errors were encountered: