Commander.js, a popular Node.js package for building command-line interfaces, released version 2.14.0 on February 6, 2018, succeeding version 2.13.0, released on January 11, 2018. Both versions share the same core functionality and description, offering a complete solution for Node.js command-line programs, but a few differences are worth noting before upgrading. Crucially, neither version lists any direct dependencies, keeping the footprint small and manageable for developers.
The key changes between the versions lie in their development dependency definitions. Version 2.14.0 includes a variety of updates for testing, linting, and type checking that were not present in version 2.13.0. These include eslint for code linting, increased to version ^3.19.0. The standard package also appears as a new dev dependency, and typescript is increased to version ^2.7.1, allowing access to all the newest features and bug fixes. Finally, @types/node is bumped to version ^7.0.52.
Developers should be aware of these finer dependency details before upgrading. If your build pipeline relies on a particular version of TypeScript, ESLint or the Node.js type definitions, the update to Commander.js 2.14.0 may require a change to the whole toolchain. Conversely, staying on Commander version 2.13.0 locks you into the older versions of the toolchain mentioned, which may prevent you from taking advantage of features offered by newer libraries. The decision to upgrade depends entirely on the requirements of your project.
There are no vulnerabilities for version 2.14.0 of the package commander.