eslint-plugin-node offers enhanced ESLint rules specifically tailored for Node.js development. Comparing versions 4.1.0 and 4.0.1, while the core functionality and dependencies remain consistent, the key difference lies in the included fixes and improvements under the hood. Both versions share identical dependencies, including "ignore," "minimatch," "object-assign," "resolve," and "semver," ensuring consistent handling of file ignoring, globbing, object manipulation, module resolution, and version management. The developer tooling encapsulated in devDependencies also remains the same, demonstrating a stable development environment between releases with packages like @types/node, eslint, mocha, and nyc used for type definitions, linting, testing, and code coverage accordingly. For developers, this implies a predictable upgrade path. The stability in dependencies and devDependencies highlights that upgrading from 4.0.1 to 4.1.0 shouldn't introduce breaking changes stemming from core tooling. The main improvement relates to its bug fixes and internal enhancements, contributing to a more stable and reliable linting experience when developing Node.js applications. Because the peer dependency "eslint":">=3.1.0" is consistent accross the versions, developers can expect that changes in the plugin won't break compatibility with a wide array of ESLint versions. Ultimately this delivers a smoother workflow regarding linting Node.js projects using ESLint.
All the vulnerabilities related to the version 4.1.0 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
