npm-run-all version 4.1.2 represents a minor update over its predecessor, 4.1.1, both serving as command-line tools designed to execute multiple npm scripts sequentially or in parallel. This capability can be a significant efficiency booster for developers managing complex projects with numerous tasks like building, testing, and linting.
Key changes reside in the improved dependency management. Version 4.1.2 updates the read-pkg dependency from version 2.0.0 to version 3.0.0 and replaces memory-streams with memorystream. Additionally, it adds p-queue and yarn as dev dependencies. While read-pkg update likely addresses bug fixes or new features in package.json handling, the change of streams likely has to do with performance improvements or bug fixes. The addition of p-queue likely addresses limitations on how npm-run-all manages concurrent processes.
Developers upgrading should note these dependency changes as they might impact the development environment, especially if relying on specific behaviors of the older versions. The core functionality of running npm scripts remains the same, providing a streamlined way to orchestrate project tasks, freeing up developers to focus on core coding activities. Both versions are licensed under MIT, ensuring broad usage rights.
All the vulnerabilities related to the version 4.1.2 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
