dylang/npm-check

is this project dead?

Closed this issue · 8 comments

Are there any recommended forks that are maintained? I really like this tool and want to keep using it.

Why do you think that it's dead? 🤔

[...] want to keep using it.

Is there anything currently preventing you from using it? 🤔

Is there anything currently preventing you from using it? 🤔

@LinusU there are some open pull requests related to security fixes (e.g. #368, #361, #378) and I did not see the maintainers moving in order to merge or discussing what needs to be done.

Does the security matter to the maintainers?

Why do you think that it's dead? 🤔

[...] want to keep using it.

I don't remember if I was asking about forks for a different reason or because I thought it was dead, but since you assumed the latter ...

Most of the dependencies are out of date and no new version has been published in over a year. The version before that was a year before this one. Readme specifies it works with npm@2 and npm@3, no mention of 4, 5, or 6.

I don't remember what error I was having that prompted me to look for an update, but it's working now, so if the project is still maintained the owners can certainly close this.

there are some open pull requests related to security fixes (e.g. #368, #361, #378) and I did not see the maintainers moving in order to merge or discussing what needs to be done.

Fixed

Does the security matter to the maintainers?

Since this is a tool that one runs on their own code I don't really see how someone could use a REDOS vulnerability in lodash maliciously?

Most of the dependencies are out of date and no new version has been published in over a year. The version before that was a year before this one.

I use this tool at least once a week and it works great, I don't see why we need to release more often? 🤔

Great to see new releases!

Looks like there are still dependency issues. I just updated and got this result:

$ npm i npm-check -g
npm WARN deprecated core-js@2.6.11: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.
npm WARN deprecated cross-spawn-async@2.2.5: cross-spawn no longer requires a build toolchain, use it instead
/usr/local/bin/npm-check -> /usr/local/lib/node_modules/npm-check/bin/cli.js
+ npm-check@5.9.2
updated 1 package in 107.022s

I'm fine with closing this ticket though, obviously the project isn't dead.

I'd be happy to accept pull requests for that 👍

Currently there are 20 open pull requests. @LinusU are you still maintaining this repo, or is it dead now?

Looks like it's finally time to switch over to npm-check-updates. I recall choosing npm-check because it had some features the former one didn't have at the time but now looks like it's not the case anymore.

For anyone willing to switch, to mimic the behavior of npm-check in npm-check-updates, run

npx ncu --interactive --upgrade --format group,repo
npm install

Also, npm i -g npm-check-updates, and you can add to your .bashrc for faster typing:

alias ncuf='ncu --interactive --upgrade --format group,repo'