There have been multiple NPM releases of this package which have no evidence in this repo. This is concerning and a potential security risk.
- the most recent release is 2.5.4
- the most recent npmjs.org version is 2.8.6 (!?)
- a commit setting version 2.8.4 on the package.json is present, but no tagged release corresponds to it
- a changelog entry exists for 2.8.1 but nothing since
If possible, can the releases in npmjs have some tagging here? Otherwise, it is very challenging to assess both upgrades and security risks.
Appreciate greatly all of your time on this product, and hope this is received as supportive feedback!
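
The check requested above can be scripted: list every version published to the registry that no git tag in the repository accounts for. This is an added example, not code from this project; the package name, dates and tag list are constructed, and the function names are hypothetical.

```javascript
'use strict';

// Constructed sample shaped like the registry document served at
// https://registry.npmjs.org/<package>. Name and dates are placeholders.
const packument = {
  name: 'example-package',
  versions: { '2.5.3': {}, '2.5.4': {}, '2.8.1': {}, '2.8.4': {}, '2.8.6': {} },
  time: {
    created: '2020-01-01T00:00:00.000Z',
    modified: '2021-03-01T00:00:00.000Z',
    '2.5.3': '2020-01-01T00:00:00.000Z',
    '2.5.4': '2020-02-01T00:00:00.000Z',
    '2.8.1': '2020-09-01T00:00:00.000Z',
    '2.8.4': '2021-01-01T00:00:00.000Z',
    '2.8.6': '2021-03-01T00:00:00.000Z',
  },
};

// Constructed sample of `git tag --list` output from the source repository.
const gitTags = ['v2.5.3', '2.5.4', 'example-package@2.5.4', 'docs-preview'];

const SEMVER = /^(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z.-]+)?$/;

// Map a tag to the version it names, accepting "v1.2.3", "1.2.3" and
// "<name>@1.2.3"; return null for tags that are not release tags.
function tagToVersion(tag, pkgName) {
  let t = tag.startsWith(pkgName + '@') ? tag.slice(pkgName.length + 1) : tag;
  t = t.replace(/^v/, '');
  return SEMVER.test(t) ? t : null;
}

// Order by major, minor, patch (a prerelease suffix is ignored for ordering).
function bySemver(a, b) {
  const pa = SEMVER.exec(a).slice(1, 4).map(Number);
  const pb = SEMVER.exec(b).slice(1, 4).map(Number);
  return pa[0] - pb[0] || pa[1] - pb[1] || pa[2] - pb[2];
}

// Published versions that no tag in the repository accounts for.
function findUntaggedReleases(doc, tags) {
  const tagged = new Set(tags.map((t) => tagToVersion(t, doc.name)).filter(Boolean));
  return Object.keys(doc.versions)
    .filter((v) => SEMVER.test(v) && !tagged.has(v))
    .sort(bySemver)
    .map((v) => ({ version: v, published: doc.time[v] || null }));
}

console.log(findUntaggedReleases(packument, gitTags));
```

Run against the real registry document and tag list, a non-empty result is the set of releases whose source cannot be pinned to a tagged commit.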