Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Security improvement #2388
Original Pull Request :
Please reconsider this pull request again because :
Security improvement reported as following
If you want to fix these vulnerabilities, the first step is to open an issue to discuss the supported Node versions.
The majority of users using gulp shall be developers. Node.js could be updated either through yum or apt on Linux or download directly from node.js website in other systems. Getting an LTS version of Node.js shall not be hard for a developer, instead, getting v0.12 node.js may take more chances for the software being developed getting hacked. I think this is why the npm audit is getting developed: to provide safety.
Perhaps, it might be to like Android System, less than 1 % would use the latest SDK. While in the opposite, Apple requests its developer to support the new SDK. It is a sad story to see google's new Android SDK is deprecated to developers.