Skip to content

Naandalist/patch-package

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

668 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

@naandalist/patch-package

This package is a forked version of the official patch-package v8.0.0. Its main purpose is to fix a security vulnerability (MEDIUM, and HIGH SEVERITY).

Security Improvements

This fork fix all security vulnerabilities identified by Snyk:

No. Issue Type Dependency Severity Vulnerability ID
1 Regular Expression Denial of Service (ReDoS) cross-spawn High SNYK-JS-CROSSSPAWN-8303230
2 Inefficient Regular Expression Complexity micromatch High SNYK-JS-MICROMATCH-6838728
3 Missing Release of Resource after Effective Lifetime inflight Medium SNYK-JS-INFLIGHT-6095116

Installation

npm install @naandalist/patch-package
# or
yarn add @naandalist/patch-package

Usage

The usage remains identical to the original patch-package, maintaining full compatibility while providing enhanced security.

Creating Patches

  1. Make your changes to package files in the node_modules folder
  2. Run the following command:
# Using yarn
yarn patch-package package-name

# Using npm
npx patch-package package-name

Applying Patches

Patches are automatically applied when you run:

yarn install
# or
npm install

For detailed usage instructions and advanced features, please refer to the original patch-package documentation.

Why Use This Fork?

  • ✅ All original functionality preserved
  • 🛡️ Snyk finding security vulnerabilities fixed
  • 💪 Regular security maintenance

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

MIT - See LICENSE for details.


For more details, please visit GitHub repository.

About

Fix security vulnerability (MEDIUM SEVERITY)

Resources

License

Stars

1 star

Watchers

0 watching

Forks

Packages

 
 
 

Contributors

Languages

  • TypeScript 99.7%
  • Other 0.3%