npm-run-all is a command-line tool designed to streamline the execution of multiple npm scripts, offering both parallel and sequential execution capabilities. Versions 3.1.1 and 3.1.0 share a common foundation, providing developers with a robust solution for managing complex build processes and development workflows. Both versions include key dependencies like chalk for stylized console output, cross-spawn for cross-platform compatibility when spawning child processes, minimatch for pattern matching in file paths, and shell-quote for safely handling shell commands. Development dependencies such as eslint for code linting, mocha for testing, and babel for transpilation are identical, ensuring consistent development environments.
The primary distinction between version 3.1.0, released on September 1, 2016, and version 3.1.1, released on October 15, 2016, lies in bug fixes and minor improvements. While the core functionality remains the same, upgrading to version 3.1.1 provides the benefit of addressing potential issues identified and resolved since the earlier release. This focus on stability makes version 3.1.1 the preferred choice for developers seeking the most reliable experience ensuring that scripting complexities are managed efficiently, improving automation and developer productivity.
All the vulnerabilities related to the version 3.1.1 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
