This package is a forked version of the official patch-package. Its main purpose is to fix a security vulnerability (MEDIUM, and HIGH SEVERITY).
This fork fix all security vulnerabilities identified by Snyk:
| No. | Issue Type | Dependency | Severity | Vulnerability ID |
|---|---|---|---|---|
| 1 | Regular Expression Denial of Service (ReDoS) | cross-spawn |
High 🚨 | SNYK-JS-CROSSSPAWN-8303230 |
| 2 | Inefficient Regular Expression Complexity | micromatch |
High 🚨 | SNYK-JS-MICROMATCH-6838728 |
| 3 | Missing Release of Resource after Effective Lifetime | inflight |
Medium 🚨 | SNYK-JS-INFLIGHT-6095116 |
npm install @naandalist/patch-package
# or
yarn add @naandalist/patch-packageThe usage remains identical to the original patch-package, maintaining full compatibility while providing enhanced security.
- Make your changes to package files in the
node_modulesfolder - Run the following command:
# Using yarn
yarn patch-package package-name
# Using npm
npx patch-package package-namePatches are automatically applied when you run:
yarn install
# or
npm installFor detailed usage instructions and advanced features, please refer to the original patch-package documentation.
- ✅ All original functionality preserved
- 🛡️ Snyk finding security vulnerabilities fixed
- 💪 Regular security maintenance
Contributions are welcome! Please feel free to submit a Pull Request.
MIT - See LICENSE for details.
For more details, please visit GitHub repository.