npm-run-all version 3.1.2 arrived hot on the heels of 3.1.1, presenting developers with subtle but potentially impactful changes in this essential utility for orchestrating npm scripts. Both versions retain their core functionality: enabling parallel or sequential execution of multiple npm scripts, making build processes and development workflows significantly more efficient. Key dependencies like chalk, cross-spawn, minimatch, and shell-quote remain consistent, ensuring stable integration with existing projects.
The primary difference lies in the introduction of @types/node as a development dependency in version 3.1.2. This addition signals an emphasis on improved TypeScript support, offering type definitions for Node.js APIs, enhancing code quality, and facilitating smoother collaboration for TypeScript developers employing npm-run-all.
Furthermore, a notable update is the inclusion of the "releaseDate" field in the package metadata, providing developers with precise information about when each version was published. Version 3.1.2 was released on December 1st, 2016, while version 3.1.1 was released on October 15th, 2016. Developers reviewing package histories or troubleshooting specific issues can leverage this date for more accurate tracking and debugging. This, taken together with other changes might bring improved stability addressing minor bugs and paving the way for future improvements, making version 3.1.2 a recommended upgrade for those seeking the most up-to-date and reliable experience.
All the vulnerabilities related to the version 3.1.2 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
