Commit
Move from optimist to yargs b/c underlying minimist security vulnerabilities

Problem
-------
`sifter` depends on `optimist` which depends on an old version of `minimist` which has a security vulnerability (https://snyk.io/vuln/SNYK-JS-MINIMIST-559764).

Additionally, `optimist` the package is no longer supported. The author suggests just using `minimist` directly.

After some investigation, it looks like `yargs` is basically a drop in replacement for `optimist`.

Solution
--------
Replace `optimist` with `yargs`. This removes the vulnerability and requires almost no code changes.

```bash
$ bin/sifter.js --help
Usage: sifter.js --query="search query" --fields=a,b

Options:
  --help       Show help  [boolean]
  --version    Show version number  [boolean]
  --fields     Search fields (comma separated)  [default: ""]
  --query      Search query  [default: ""]
  --sort       Sort field  [default: ""]
  --direction  Sort direction  [default: "asc"]
  --file       CSV or JSON dataset

$ bin/sifter.js --version
0.6.0
```
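To check for a chain like `sifter` > `optimist` > `minimist` in another project, the sketch below (an added example, not part of this commit or of sifter) walks the `packages` map of an npm v2/v3 lockfile and lists every dependency chain that reaches a named package. `sampleLock` is constructed data, and `resolve` and `whyInstalled` are hypothetical helper names.

```javascript
// Constructed sample in npm lockfile v2/v3 "packages" layout; not sifter's real lockfile.
const sampleLock = {
  packages: {
    "": { name: "sifter", version: "0.6.0", dependencies: { optimist: "^0.6.1" } },
    "node_modules/optimist": {
      version: "0.6.1",
      dependencies: { minimist: "~0.0.1", wordwrap: "~0.0.2" },
    },
    "node_modules/minimist": { version: "0.0.10" },
    "node_modules/wordwrap": { version: "0.0.3" },
  },
};

// Resolve a dependency name the way Node does: nearest node_modules first, then walk up.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. a skipped optional dependency)
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Return every dependency chain from the root project to `target`, with resolved versions.
function whyInstalled(lock, target) {
  const packages = lock.packages;
  const chains = [];
  const walk = (path, chain, seen) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies };
    if (path === "") Object.assign(deps, pkg.devDependencies); // dev deps count only at the root
    for (const name of Object.keys(deps)) {
      const resolved = resolve(packages, path, name);
      if (!resolved || seen.has(resolved)) continue; // missing, or a cycle in this chain
      const next = [...chain, `${name}@${packages[resolved].version}`];
      if (name === target) chains.push(next.join(" > "));
      else walk(resolved, next, new Set(seen).add(resolved));
    }
  };
  walk("", [packages[""].name], new Set([""]));
  return chains;
}

console.log(whyInstalled(sampleLock, "minimist"));
```

On an installed tree, `npm ls minimist` reports the same chains.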