8.1.3 • Published 1 year ago

@naandalist/patch-package v8.1.3

@naandalist/patch-package

This package is a fork of the official patch-package. Its main purpose is to fix security vulnerabilities (MEDIUM and HIGH severity).

Security Improvements

This fork fixes several security vulnerabilities identified by Snyk:

  1. Fixed Regular Expression Denial of Service (ReDoS) vulnerability in the cross-spawn dependency

  2. Fixed Inefficient Regular Expression Complexity issue in the micromatch dependency

  3. Fixed Missing Release of Resource after Effective Lifetime issue in the inflight dependency
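
Other packages in a project can still pull in the same three modules, so it helps to check what the lockfile actually resolves after switching to the fork. The following is an added example, not code from this package: it lists every installed copy of the three dependencies named above from a parsed package-lock.json (v2/v3 "packages" map). The function names and the sample lockfile are assumptions made for illustration.

```javascript
// Added example: the dependency names come from the list above; the lockfile
// below is constructed sample data (only 8.1.3 is taken from this page).
const WATCHED = ["cross-spawn", "micromatch", "inflight"];

// Package name from a lockfile v2/v3 "packages" key, e.g.
// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; "" (root) -> null.
function nameFromKey(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? null : key.slice(i + marker.length);
}

// List every installed copy of the watched packages with its resolved version
// and the packages that declare that name as a dependency (matched by name
// only; this does not resolve which nested copy each declarer receives).
function findCopies(lock, watched = WATCHED) {
  const entries = Object.entries(lock.packages || {});
  return entries
    .filter(([key]) => watched.includes(nameFromKey(key)))
    .map(([key, meta]) => {
      const name = nameFromKey(key);
      const requiredBy = entries
        .filter(([, m]) => m.dependencies && name in m.dependencies)
        .map(([k]) => nameFromKey(k) || "(root project)")
        .sort();
      return { name, path: key, version: meta.version, requiredBy };
    })
    .sort((a, b) => a.path.localeCompare(b.path));
}

// Constructed sample in package-lock.json v3 shape. In a real project, pass
// the result of JSON.parse on the contents of package-lock.json instead.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "@naandalist/patch-package": "*" } },
    "node_modules/@naandalist/patch-package": {
      version: "8.1.3", dependencies: { "cross-spawn": "*", "micromatch": "*" } },
    "node_modules/cross-spawn": { version: "0.0.2" },
    "node_modules/micromatch": { version: "0.0.3" },
    "node_modules/old-tool": { version: "0.0.4", dependencies: { "inflight": "*" } },
    "node_modules/old-tool/node_modules/inflight": { version: "0.0.5" },
  },
};

for (const c of findCopies(sampleLock)) {
  console.log(`${c.name}@${c.version} at ${c.path} <- ${c.requiredBy.join(", ")}`);
}
```

Compare the reported versions against the fixed versions given in your own Snyk report; a copy listed under a package other than this fork is not affected by installing the fork.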

Installation

npm install @naandalist/patch-package
# or
yarn add @naandalist/patch-package

Usage

The usage remains identical to the original patch-package, maintaining full compatibility while providing enhanced security.

Creating Patches

  1. Make your changes to package files in the node_modules folder
  2. Run the following command:
# Using yarn
yarn patch-package package-name

# Using npm
npx patch-package package-name

Applying Patches

Patches are automatically applied when you run:

yarn install
# or
npm install

For detailed usage instructions and advanced features, please refer to the original patch-package documentation.

Why Use This Fork?

  • ✅ All original functionality preserved
  • 🛡️ Security vulnerabilities found by Snyk fixed
  • 💪 Regular security maintenance

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

MIT - See LICENSE for details.


For more details, please visit the GitHub repository.