[project] Unused npm-watch dependency
miqmago opened this issue · 6 comments
The @trapezedev/project depends on npm-watch but it seems not to be used anywhere.
npm-watch seems not to be regularly maintained. npm-watch depends on nodemon@^2.0.7 (06/01/2021). Right now nodemon is 3.0.1.
On an npm audit fix it raises a Severity: moderate
Maybe this dependency could be removed if not used anywhere.
Depends too on mergexml, which seems not to be regularly maintained and depends on the deprecated "formidable": "^1.2.1"
Just wanted to give support to this issue, as npm-watch is blocking updates of nodemon, and triggers vulnerability warning :)
npm-watch received a recent release to address the nodemon dependency. However, as @trapezedev/project is using npm-watch from 0.9.0 instead of 0.12.0, it continues to trigger audit warnings.
I think the simplest way is to remove the dependency as suggested, or at least upgrade npm-watch to ^0.12.0.