Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Remove lodash? #2279

Closed
Closed
Labels
dependenciesIssue about dependencies of the packagehelp wantedExtra attention is neededpackage: typescript-estreeIssues related to @typescript-eslint/typescript-estree
@danielnixon

Description

@danielnixon

Lodash has anopen security vuln and showssigns of being borderline unmaintained.

Repro

  1. Install typescript-eslint/eslint-plugin
  2. Check your Snyk report (e.g.https://snyk.io/test/github/danielnixon/eslint-plugin-total-functions?targetFile=package.json)
  3. Or run yarn audit / npm audit

Expected Result

No security vuln reported

Actual Result

Lodash security vuln reported

Additional Info

It looks like typescript-estree only uses lodash once, forunescape.unescape happens to be tiny and unlikely to evolve over time:https://github.com/lodash/lodash/blob/4.17.11/lodash.js#L15145

I'd be happy to raise a PR to inlineunescape (or maybe replace it withhttps://www.npmjs.com/package/he or something) and remove the lodash dependency.

Versions

Latest

Metadata

Metadata

Assignees

No one assigned

    Labels

    dependenciesIssue about dependencies of the packagehelp wantedExtra attention is neededpackage: typescript-estreeIssues related to @typescript-eslint/typescript-estree

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions

      [8]ページ先頭
      ©2009-2025 Movatter.jp