@naandalist/patch-package
This package is a fork of the official patch-package v8.0.0. Its main purpose is to fix medium- and high-severity security vulnerabilities while maintaining full compatibility with the original package.
Security Improvements
This fork fixes all security vulnerabilities identified by Snyk:
| # | Vulnerability | Package | Severity | Reference |
|---|---|---|---|---|
| 1 | Regular Expression Denial of Service (ReDoS) | cross-spawn | High | SNYK-JS-CROSSSPAWN-8303230 |
| 2 | Inefficient Regular Expression Complexity | micromatch | High | SNYK-JS-MICROMATCH-6838728 |
| 3 | Missing Release of Resource after Effective Lifetime | inflight | Medium | SNYK-JS-INFLIGHT-6095116 |
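The three packages in the table can still reach a project through other dependencies, so it is worth checking what the lockfile actually resolves. The following is an added example, not code from this fork or from patch-package: it walks an npm lockfile (the `packages` map of lockfileVersion 2 or 3) and lists every resolved copy of those packages together with the dependents that resolve to it. The sample lockfile, its version strings, and the `some-tool` / `other-tool` names are constructed for illustration.

```javascript
// Packages named in the Snyk table above.
const FLAGGED = ["cross-spawn", "micromatch", "inflight"];

// Constructed sample in npm lockfile v2/v3 shape ("packages" keyed by install path).
// All names other than FLAGGED and all versions are hypothetical.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", dependencies: { "some-tool": "*", "other-tool": "*" } },
  "node_modules/some-tool": { version: "0.0.0-sample", dependencies: { "cross-spawn": "*", "micromatch": "*" } },
  "node_modules/some-tool/node_modules/cross-spawn": { version: "0.0.1-sample" },
  "node_modules/other-tool": { version: "0.0.0-sample", dependencies: { "cross-spawn": "*" } },
  "node_modules/cross-spawn": { version: "0.0.2-sample" },
  "node_modules/micromatch": { version: "0.0.3-sample" },
} };

// Package name for a lockfile path: the text after the last "node_modules/".
function nameOf(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? null : path.slice(i + "node_modules/".length);
}

// Node-style resolution: look in the dependent's own node_modules, then walk up.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (candidate in packages) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Every resolved copy of a flagged package, with the dependents that resolve to it.
function findFlagged(lock, flagged = FLAGGED) {
  const packages = lock.packages || {};
  const hits = {};
  for (const path of Object.keys(packages))
    if (flagged.includes(nameOf(path)))
      hits[path] = { name: nameOf(path), version: packages[path].version, path, requiredBy: [] };
  for (const [path, meta] of Object.entries(packages)) {
    const deps = { ...meta.dependencies, ...meta.optionalDependencies, ...meta.devDependencies };
    for (const dep of Object.keys(deps)) {
      const target = flagged.includes(dep) && resolve(packages, path, dep);
      if (target) hits[target].requiredBy.push(nameOf(path) || "(root project)");
    }
  }
  return Object.values(hits);
}

for (const h of findFlagged(sampleLock))
  console.log(`${h.name}@${h.version} at ${h.path} <- ${h.requiredBy.join(", ")}`);
```

To check a real project, pass the parsed contents of its `package-lock.json` to `findFlagged` and compare the reported versions against the Snyk advisories referenced in the table. A lockfileVersion 1 file has no `packages` map and yields an empty result.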
Installation
# Using npm
npm install @naandalist/patch-package
# Using yarn
yarn add @naandalist/patch-package
Usage
The usage remains identical to the original patch-package, maintaining full compatibility while providing enhanced security.
Creating Patches
- Make your changes to package files in the node_modules folder
- Run the following command:
# Using yarn
yarn patch-package package-name
# Using npm
npx patch-package package-name
Applying Patches
Patches are automatically applied when you run:
yarn install
# or
npm install
For detailed usage instructions and advanced features, please refer to the original patch-package documentation.
Why Use This Fork?
- ✅ All original functionality preserved
- 🛡️ Security vulnerabilities found by Snyk fixed
- 💪 Regular security maintenance
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
License
MIT - See LICENSE for details.
For more details, please visit the GitHub repository.