@naandalist/patch-package
v8.1.3
Published
Fix broken node modules with no fuss
Downloads
103
Readme
@naandalist/patch-package
This package is a forked version of the official patch-package. Its main purpose is to fix a security vulnerability (MEDIUM, and HIGH SEVERITY).
Security Improvements
This fork fixes several security vulnerabilities identified by Snyk:
Fixed Regular Expression Denial of Service (ReDoS) vulnerability in
cross-spawn
dependency- Severity: High 🚨
- Vulnerability ID: SNYK-JS-CROSSSPAWN-8303230
Fixed Inefficient Regular Expression Complexity issue in
micromatch
dependency- Severity: High 🚨
- Vulnerability ID: SNYK-JS-MICROMATCH-6838728
Missing Release of Resource after Effective Lifetime issue in
inflight
depedency- Severity: Medium 🚨
- Vulnerability ID: SNYK-JS-INFLIGHT-6095116
Installation
npm install @naandalist/patch-package
# or
yarn add @naandalist/patch-package
Usage
The usage remains identical to the original patch-package, maintaining full compatibility while providing enhanced security.
Creating Patches
- Make your changes to package files in the
node_modules
folder - Run the following command:
# Using yarn
yarn patch-package package-name
# Using npm
npx patch-package package-name
Applying Patches
Patches are automatically applied when you run:
yarn install
# or
npm install
For detailed usage instructions and advanced features, please refer to the original patch-package documentation.
Why Use This Fork?
- ✅ All original functionality preserved
- 🛡️ Snyk finding security vulnerabilities fixed
- 💪 Regular security maintenance
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
License
MIT - See LICENSE for details.
For more details, please visit GitHub repository.