DEV Community


Discussion on: Fixing NPM Dependencies Vulnerabilities

scottdotjs profile image
Scott Martin 🛠️

Typically, I found a workaround after writing the above. It turns out that cpx is unmaintained. There's a fork called cpx2 that works as a drop-in replacement and resolves the vulnerability. Would the solution to this problem otherwise have been to get cpx to update its dependencies, though?