What to build
Socket flagged tiged as a possible typosquat of giget (a more popular package). While tiged is a legitimate fork of degit, this warning combined with the CVE and deprecated deps suggests we should evaluate replacing it.
Alternatives to evaluate
- giget — Modern, maintained, used by Nuxt/UnJS ecosystem. Supports GitHub, GitLab, Bitbucket.
- degit — Original by Rich Harris, but unmaintained.
- Custom solution — Use fetch to download GitHub tarball + tar to extract. Zero dependencies.
Specs
- Must support: cloning a subdirectory from a GitHub repo (e.g., Ebyte-Lab/opusify-templates/portfolio/nextjs-monolith).
- Must support: private repos with token auth.
- Should not add deprecated or vulnerable transitive dependencies.
Acceptance criteria
- giget as a replacement (test with our repo structure).
- giget works: replace tiged with giget, update src/generate.js.
- node:https + tar.
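For the custom-solution option, the security-relevant parts of the Specs are how the token is attached and which archive paths are allowed to reach disk. The sketch below is an added example, not code from this repository: `parseSpec`, `buildRequest` and `mapEntry` are hypothetical names, the archive entry names are constructed, and it assumes GitHub's REST tarball endpoint, whose archives wrap all files in one top-level directory.

```javascript
// Added example; function names are hypothetical, not part of src/generate.js.

// Split "owner/repo/sub/dir" into parts and reject traversal segments up front.
function parseSpec(spec) {
  const [owner, repo, ...rest] = spec.split("/").filter(Boolean);
  if (!owner || !repo) throw new Error(`invalid template spec: ${spec}`);
  if (rest.some((s) => s === "." || s === "..")) throw new Error("bad subdirectory");
  return { owner, repo, subdir: rest.join("/") };
}

// Describe the tarball request for the default branch. The token travels in a
// header, never in the URL, so it stays out of logs and error messages.
function buildRequest({ owner, repo }, token) {
  const url = `https://api.github.com/repos/${encodeURIComponent(owner)}/` +
    `${encodeURIComponent(repo)}/tarball`;
  const headers = { "User-Agent": "template-fetcher", Accept: "application/vnd.github+json" };
  if (token) headers.Authorization = `Bearer ${token}`;
  return { url, headers };
}

// Map one archive entry name to a path relative to the destination directory,
// or null when the entry is outside the requested subdirectory or is unsafe.
// Assumption: the caller writes only regular files and directories and skips
// symlink and hardlink entries.
function mapEntry(entryPath, subdir) {
  // Drop the archive's top-level wrapper directory.
  const parts = entryPath.split("/").filter(Boolean).slice(1);
  const prefix = subdir ? subdir.split("/") : [];
  if (parts.length <= prefix.length) return null; // the subdirectory itself or above it
  if (!prefix.every((seg, i) => parts[i] === seg)) return null; // a different subtree
  const rel = parts.slice(prefix.length);
  const unsafe = (s) => s === "." || s === ".." || s.includes("\\") || s.includes("\0");
  return rel.some(unsafe) ? null : rel.join("/");
}
```

Whatever extractor is used, every entry name should pass through a filter like `mapEntry` before a file is created, and the request headers should not be reused for hosts other than the one the token was issued for.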