Lint-staged is a popular npm package that helps developers automatically lint files staged in Git before committing, ensuring code quality and consistency. Versions 3.5.1 and 3.5.0 share a common foundation, using dependencies like execa for executing commands, listr for creating elegant task lists in the console, p-map for parallel processing, and cosmiconfig for configuration file loading. Both ship the same core logic for working with Git-staged files. Lint-staged uses minimatch for file matching and a standard set of developer dependencies like Jest for testing, ESLint for linting, and Babel for transpilation.
The key difference lies in the eslint-config-okonet dev dependency; version 3.5.1 depends on "^4.0.0" while 3.5.0 uses "^1.1.1". Because this is a devDependency, it affects only lint-staged's own development tooling, that is, the rules its maintainers lint the project against. npm does not install a package's devDependencies for its consumers, so the bump changes nothing in what lint-staged runs in your repository and nothing in the ESLint rules your own configuration enforces.
For developers choosing between these versions, the eslint-config-okonet bump therefore matters only if you work on lint-staged itself, where the jump from 1.x to 4.x can bring stricter or different rules that require code adjustments; check that package's changelog before upgrading. For projects that merely depend on lint-staged, 3.5.1 is a drop-in replacement for 3.5.0 and is the recommended choice, since the runtime dependency set and the staged-file handling are unchanged.
Known vulnerabilities affecting version 3.5.1 of the package, including those reached through its dependency tree
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the cross-spawn package before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) because of improper input sanitization: a very large, specially crafted string can drive CPU usage up and stall or crash the program. cross-spawn is not a direct dependency of lint-staged 3.5.1; it enters the tree through execa, which uses it to spawn the configured commands. Whether the flaw is reachable depends on whether untrusted input arrives in the arguments cross-spawn escapes, which in lint-staged's case are the staged file paths and the commands from its own configuration. Check the resolved version in your lockfile rather than the semver range in package.json, and upgrade or override the transitive dependency to 7.0.5 or later.
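The following is an added example, not code from lint-staged or cross-spawn. It does two things a practitioner would want after reading the advisory above: it audits a package-lock.json for every installed copy of cross-spawn below the fixed release the advisory names (7.0.5), including copies nested under other packages, and it places the regex shape behind this class of ReDoS (an unanchored greedy run followed by an end-of-string anchor) next to a linear rewrite. The regex shown is an assumption about the shape of the flawed pattern, not a quotation of cross-spawn's source, and the lockfile fragments are constructed for the example.

```javascript
// Added example: lockfile audit for cross-spawn < 7.0.5 plus a quadratic-vs-linear
// comparison of the trailing-run escaping pattern. Not lint-staged's or cross-spawn's code.

const FIXED_CROSS_SPAWN = '7.0.5'; // bound given by the advisory text

// "MAJOR.MINOR.PATCH" -> [major, minor, patch]; prerelease/build tags are ignored.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Negative when a < b, zero when equal, positive when a > b.
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

function isVulnerableCrossSpawn(version) {
  return compareSemver(version, FIXED_CROSS_SPAWN) < 0;
}

// lockfileVersion 2/3 keep a flat "packages" map keyed by install path;
// lockfileVersion 1 nests a "dependencies" tree. Both are walked, so a hoisted
// cross-spawn and one nested under execa (or anything else) are both reported.
function findCrossSpawn(lock) {
  const hits = [];
  const record = (path, version) =>
    hits.push({ path, version, vulnerable: isVulnerableCrossSpawn(version) });

  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/cross-spawn') && meta.version) record(path, meta.version);
    }
  } else if (lock.dependencies) {
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        if (name === 'cross-spawn' && meta.version) record(path, meta.version);
        if (meta.dependencies) walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}

// Constructed lockfile fragments (assumed versions, not taken from a real install).
const SAMPLE_LOCK_V3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/lint-staged': { version: '3.5.1' },
    'node_modules/execa': { version: '0.5.1' },
    'node_modules/cross-spawn': { version: '5.1.0' },
    'node_modules/other-tool/node_modules/cross-spawn': { version: '7.0.6' },
  },
};
const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    execa: { version: '0.5.1', dependencies: { 'cross-spawn': { version: '5.1.0' } } },
  },
};

// The bug class: an unanchored pattern greedily consumes a run of backslashes and
// then demands end-of-string. On a long run that is NOT at the end, every start
// offset re-scans the remaining run before failing, so work grows with the square
// of the input length. Assumed shape of the flawed pattern, not cross-spawn's source.
const QUADRATIC_TRAILING_RUN = /(\\*)$/;

function doubleTrailingBackslashesSlow(arg) {
  return arg.replace(QUADRATIC_TRAILING_RUN, '$1$1');
}

// Linear rewrite: one backward scan locates the trailing run, which is then
// appended once more (doubling it). No regex, so nothing to backtrack.
function doubleTrailingBackslashesFast(arg) {
  let end = arg.length;
  while (end > 0 && arg[end - 1] === '\\') end--;
  return arg + arg.slice(end);
}

// Triggering shape: a long backslash run followed by one other character.
function pathologicalInput(n) {
  return '\\'.repeat(n) + 'a';
}

function millis(fn, input) {
  const t0 = process.hrtime.bigint();
  fn(input);
  return Number(process.hrtime.bigint() - t0) / 1e6;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(findCrossSpawn(SAMPLE_LOCK_V3));
  const probe = pathologicalInput(30000);
  console.log('regex  ms:', millis(doubleTrailingBackslashesSlow, probe).toFixed(1));
  console.log('linear ms:', millis(doubleTrailingBackslashesFast, probe).toFixed(1));
}
```

Run it against your real lockfile by replacing the constructed samples with `JSON.parse(fs.readFileSync('package-lock.json'))`; any hit with `vulnerable: true` is a copy that the semver range in package.json will not tell you about. The timing probe is there to make the quadratic growth visible: doubling `n` roughly quadruples the regex time while the linear version stays flat, and both produce identical output on every input, which is the property a safe replacement has to preserve.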