eslint-plugin-node versions 2.0.0 and 1.5.2 both extend ESLint with Node.js-specific rules, and they differ mainly in their dependencies. Version 2.0.0, released shortly after 1.5.2, updates the semver dependency from version 5.1.0 to 5.2.0. More significantly, the development dependencies move to a newer ESLint: eslint:^2.9.0 in 1.5.2 becomes eslint:^3.0.0 in 2.0.0, and eslint-config-mysticatea goes from 3.0.0 to 5.0.0. This suggests that version 2.0.0 is tailored for projects using newer ESLint versions, offering potentially improved compatibility and access to the latest ESLint features. The peer dependency for ESLint is also updated, requiring eslint: >=2.0.0 instead of eslint: >=1.10.3, further emphasizing alignment with more recent ESLint releases. Choosing between them depends on the ESLint version already in use; upgrading to 2.0.0 is advisable when using ESLint 3.x or later to leverage the latest rule improvements and ensure optimal performance. For projects still on ESLint 2.x, version 1.5.2 might be more suitable to avoid compatibility issues. Both versions share core dependencies like ignore, minimatch, object-assign, and resolve, maintaining consistent behavior for fundamental functionalities.
All vulnerabilities related to version 2.0.0 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
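An added example (not code from this page, semver, or eslint-plugin-node): a dependency-tree check that applies the fixed-version thresholds quoted above to every nested copy of semver. The tree is constructed sample data in npm's nested "dependencies" layout, and "other-tool" is a hypothetical package name.

```javascript
// Fixed releases per branch, as stated in the advisory text above.
// Any other major version is judged against 5.7.2.
const FIXED = { 7: [7, 5, 2], 6: [6, 3, 1] };
const FIXED_OTHER = [5, 7, 2];

// Parse MAJOR.MINOR.PATCH and note whether a prerelease tag follows.
function parseVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-)?/.exec(String(version).trim());
  return m ? { parts: m.slice(1, 4).map(Number), pre: Boolean(m[4]) } : null;
}

// True when the version sorts before the fixed release for its branch.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) throw new TypeError(`not a semantic version: ${version}`);
  const fixed = FIXED[v.parts[0]] || FIXED_OTHER;
  for (let i = 0; i < 3; i++) {
    if (v.parts[i] !== fixed[i]) return v.parts[i] < fixed[i];
  }
  return v.pre; // a prerelease of the fixed version sorts before it
}

// Walk a nested dependency tree and report every affected semver copy,
// with the chain of packages that pulled it in.
function findAffectedSemver(tree, path = []) {
  const hits = [];
  for (const [name, info] of Object.entries(tree.dependencies || {})) {
    const here = [...path, name];
    if (name === "semver" && isAffected(info.version)) {
      hits.push({ path: here.join(" > "), version: info.version });
    }
    hits.push(...findAffectedSemver(info, here));
  }
  return hits;
}

// Constructed sample tree; the semver 5.2.0 entry mirrors the dependency
// version this page gives for eslint-plugin-node 2.0.0.
const sampleTree = {
  dependencies: {
    "eslint-plugin-node": {
      version: "2.0.0",
      dependencies: { semver: { version: "5.2.0" } },
    },
    semver: { version: "7.5.2" },
    "other-tool": { version: "1.0.0", dependencies: { semver: { version: "6.3.0" } } },
  },
};

console.log(findAffectedSemver(sampleTree));
```

A top-level semver at a fixed release does not clear the tree: nested copies resolve independently, so each one has to be checked.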