Last 12 weeks · 0 commits
4 of 6 standards met
deep-assign has been deprecated and contains a known vulnerability. The maintainer of deep-assign recommends lodash.merge or lodash.merge-options as a maintained alternative. Please consider updating dependencies to use lodash.merge@4.17.11 at a minimum. https://nvd.nist.gov/vuln/detail/CVE-2019-10745
Hi, I found that two transitive dependencies are not used in your package, according to your tests. So I created a package-lock.json file that excludes the useless dependencies. Would you consider removing useless dependencies from your package, so that developers do not need to install them when they use your package? The two transitive dependencies are: string_decoder util-deprecate
Repository: sindresorhus/gulp-chmod. Description: Change permissions of Vinyl files Stars: 39, Forks: 10. Primary language: JavaScript. Languages: JavaScript (100%). License: MIT. Topics: chmod, gulp-plugin, javascript, nodejs, vinyl. Latest release: v4.0.0 (2y ago). Open PRs: 0, open issues: 0. Last activity: 2y ago. Community health: 85%. Top contributors: sindresorhus, erwinw, jbsulli, popomore.