Fsevents versions 0.3.8 and 0.3.7 offer native access to Mac OS-X FSEvents, enabling developers to monitor file system changes efficiently. Both versions are licensed under the MIT license and authored by Philipp Dunkel, with the source code residing in the strongloop/fsevents GitHub repository. They share a common set of development dependencies, specifically tap version ~0.4.8, used for testing.
The key distinction between the two versions lies in their dependencies on the nan package, a crucial component for writing native Node.js addons. Version 0.3.8 depends on nan version ^2.0.2, while the older 0.3.7 relies on nan version ^1.8.0. This seemingly minor difference is significant because nan facilitates compatibility between Node.js and native C++ code. By upgrading the nan dependency, version 0.3.8 likely incorporates improvements, bug fixes, or new features present in nan version 2.x, potentially enhancing the stability or performance of the file system monitoring. Users should opt for the newest compatible fsevents version to benefit from the latest enhancements in the underlying tooling.
The release dates also highlight the update: version 0.3.8 was released on August 6, 2015, a week after version 0.3.7, which was released on July 30, 2015.
All the vulnerabilities related to version 0.3.8 of the package
Code injection in fsevents
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary.
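To find installs that fall in the affected range described above, the following added example (not code from the fsevents project or from this page) walks a parsed package-lock.json and reports every fsevents entry below 1.2.11. The function names are hypothetical, the sample lockfile is constructed, and the check considers only the version threshold stated in the advisory text.

```javascript
// Added example: flag fsevents installs older than 1.2.11 in a parsed package-lock.json.
const FIXED = [1, 2, 11]; // first version outside the affected range, per the advisory text

// Parse "major.minor.patch" into numbers; prerelease/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when the version is strictly below 1.2.11. Comparison is numeric per field,
// so "1.10.0" is correctly treated as newer than "1.2.11". Versions that cannot be
// parsed are reported as affected so that they get a manual review.
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return true;
  for (let i = 0; i < 3; i++) {
    if (p[i] !== FIXED[i]) return p[i] < FIXED[i];
  }
  return false;
}

// Returns [{ path, version }] for every affected fsevents entry, including nested copies.
function findAffectedFsevents(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
    for (const [path, info] of Object.entries(lock.packages)) {
      const isFsevents = /(^|\/)node_modules\/fsevents$/.test(path);
      if (isFsevents && isAffected(info.version)) hits.push({ path, version: info.version });
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" trees keyed by package name.
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail.concat(name).join(" > ");
      if (name === "fsevents" && isAffected(info.version)) hits.push({ path, version: info.version });
      walk(info.dependencies, trail.concat(name));
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile: one nested affected copy, one top-level unaffected copy.
const sampleLock = { lockfileVersion: 2, packages: {
  "node_modules/chokidar/node_modules/fsevents": { version: "1.2.9" },
  "node_modules/fsevents": { version: "2.3.2" },
} };
console.log(findAffectedFsevents(sampleLock));
```

Run it against `JSON.parse` of a project's own package-lock.json; nested copies pulled in by other packages are reported with their full install path.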