Unmaintained Imagemin plugin has security issues and does not work with macOS M1 chip

Question

Unmaintained Imagemin plugin has security issues and does not work with macOS M1 chip

HeikkiYlipaavalniemi opened this issue 3 years ago · 1 comments

HeikkiYlipaavalniemi commented 3 years ago

We were updating our Emulsify version to more recent Storybook versions to handle NPM audit security warnings.

During this we noticed that the currently used Imagemin plugin has security issues. When digging deeper I noticed that the actual Imagemin plugin is unmaintained. It relies on the Imagemin package (npmjs.com/package/imagemin). There is an issue for the situation at github.com/imagemin/imagemin/issues/385.

The maintainer of the Imagemin plugin recommends switching to Squoosh (github.com/GoogleChromeLabs/squoosh). This plugin seems very active and it also has a Webpack plugin at squoosh-webpack-plugin.info.

I would suggest that we could also replace the current unmaintained Imagemin plugin with this alternative.

The other problem with the current plugin is that it does not compile with the newer macOS M1 chips.

┆Issue is synchronized with this Clickup by Unito

Answer 1 · 2023-03-17T14:08:15.000Z

it would appear that even Squoosh is abandoned now too? GoogleChromeLabs/squoosh#1084 (comment)

it doesn't seem like there are any healthy projects to handle this task at the moment.