microsoft/TypeScript-React-Starter

react-scripts-ts is vulnerable

JukoPowel opened this issue · 3 comments

react-scripts-ts newest version uses webpack-dev-server@3.1.9, which is vulnerable version.
There is no public repository for react-scripts-ts, so I report it here, since You recommend to use this package.

This is the repository you are referring to: https://github.com/wmonk/create-react-app-typescript

It has been marked as obsolete and should not be used anymore. CRA 2 has TypeScript support and this guide should probably be updated to recommend using that.

Thank You for quick response.
I found useful migration guide:
https://vincenttunru.com/migrate-create-react-app-typescript-to-create-react-app/

Issue may be closed.

Hi Tomas, the README.md still refers to create-react-app my-app --scripts-version=react-scripts-ts which will installl react-scripts-ts which still has the vulnerability. It should be updated to create-react-app my-app --typescript like you said, but then the guide will not match with the files generated, it should still be addressed.