Nomnom is a lightweight and versatile option parser for Node.js, designed to simplify command-line argument handling, automatically generating usage instructions and supporting subcommands. Version 1.8.1 is a minor update to its previous stable version 1.8.0, primarily differing in its release date. Published on November 7th, 2014, v1.8.1 arrived several months after v1.8.0, which had been released on June 28th, 2014. Both showcase identical core features; the core dependencies on external packages remain consistent, relying on underscore (version ~1.6.0) for utility functions and chalk (version ~0.4.0) for terminal styling. The developer dependencies also remained untouched, with nodeunit (~0.7.4) used for testing
Developers benefit from Nomnom's ease of use in defining options with expected types, descriptions, and default values. Its automated usage generation reduces boilerplate code, making command-line interfaces intuitive and maintainable. The library is particularly well-suited for projects requiring clear and easily accessible command-line arguments. The GitHub repository provides a central location for issue tracking and code contribution, whilst the tarball URLs allow for direct artifact downloads. This package with the name nomnom supports the creation of command line tools with ease of use, flexibility and automation.
All the vulnerabilities related to the version 1.8.1 of the package
Arbitrary Code Execution in underscore
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
