Skip to content

Commit 8a6f59b

Browse files
authored
fix: use chalk as a dependency instead of colors (#473)
a denial of service has been introduced into the latest version of colors and not in chalk
1 parent aea2052 commit 8a6f59b

File tree

3 files changed

+53
-19
lines changed

3 files changed

+53
-19
lines changed

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@
3434
"@babel/preset-typescript": "^7.13.0",
3535
"@babel/register": "^7.13.16",
3636
"babel-core": "^7.0.0-bridge.0",
37-
"colors": "^1.1.2",
37+
"chalk": "^4.1.2",
3838
"flow-parser": "0.*",
3939
"graceful-fs": "^4.2.4",
4040
"micromatch": "^3.1.10",

src/Runner.js

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
'use strict';
1010

1111
const child_process = require('child_process');
12-
const colors = require('colors/safe');
12+
const chalk = require('chalk');
1313
const fs = require('graceful-fs');
1414
const path = require('path');
1515
const http = require('http');
@@ -47,21 +47,21 @@ const bufferedWrite = (function() {
4747

4848
const log = {
4949
ok(msg, verbose) {
50-
verbose >= 2 && bufferedWrite(colors.white.bgGreen(' OKK ') + msg);
50+
verbose >= 2 && bufferedWrite(chalk.white.bgGreen(' OKK ') + msg);
5151
},
5252
nochange(msg, verbose) {
53-
verbose >= 1 && bufferedWrite(colors.white.bgYellow(' NOC ') + msg);
53+
verbose >= 1 && bufferedWrite(chalk.white.bgYellow(' NOC ') + msg);
5454
},
5555
skip(msg, verbose) {
56-
verbose >= 1 && bufferedWrite(colors.white.bgYellow(' SKIP ') + msg);
56+
verbose >= 1 && bufferedWrite(chalk.white.bgYellow(' SKIP ') + msg);
5757
},
5858
error(msg, verbose) {
59-
verbose >= 0 && bufferedWrite(colors.white.bgRed(' ERR ') + msg);
59+
verbose >= 0 && bufferedWrite(chalk.white.bgRed(' ERR ') + msg);
6060
},
6161
};
6262

6363
function report({file, msg}) {
64-
bufferedWrite(lineBreak(`${colors.white.bgBlue(' REP ')}${file} ${msg}`));
64+
bufferedWrite(lineBreak(`${chalk.white.bgBlue(' REP ')}${file} ${msg}`));
6565
}
6666

6767
function concatAll(arrays) {
@@ -77,17 +77,17 @@ function concatAll(arrays) {
7777
function showFileStats(fileStats) {
7878
process.stdout.write(
7979
'Results: \n'+
80-
colors.red(fileStats.error + ' errors\n')+
81-
colors.yellow(fileStats.nochange + ' unmodified\n')+
82-
colors.yellow(fileStats.skip + ' skipped\n')+
83-
colors.green(fileStats.ok + ' ok\n')
80+
chalk.red(fileStats.error + ' errors\n')+
81+
chalk.yellow(fileStats.nochange + ' unmodified\n')+
82+
chalk.yellow(fileStats.skip + ' skipped\n')+
83+
chalk.green(fileStats.ok + ' ok\n')
8484
);
8585
}
8686

8787
function showStats(stats) {
8888
const names = Object.keys(stats).sort();
8989
if (names.length) {
90-
process.stdout.write(colors.blue('Stats: \n'));
90+
process.stdout.write(chalk.blue('Stats: \n'));
9191
}
9292
names.forEach(name => process.stdout.write(name + ': ' + stats[name] + '\n'));
9393
}
@@ -201,7 +201,7 @@ function run(transformFile, paths, options) {
201201
});
202202
} else if (!fs.existsSync(transformFile)) {
203203
process.stderr.write(
204-
colors.white.bgRed('ERROR') + ' Transform file ' + transformFile + ' does not exist \n'
204+
chalk.white.bgRed('ERROR') + ' Transform file ' + transformFile + ' does not exist \n'
205205
);
206206
return;
207207
} else {
@@ -247,7 +247,7 @@ function run(transformFile, paths, options) {
247247
}
248248
if (options.dry) {
249249
process.stdout.write(
250-
colors.green('Running in dry mode, no files will be written! \n')
250+
chalk.green('Running in dry mode, no files will be written! \n')
251251
);
252252
}
253253
}

yarn.lock

Lines changed: 39 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -511,6 +511,13 @@ ansi-styles@^3.2.0, ansi-styles@^3.2.1:
511511
dependencies:
512512
color-convert "^1.9.0"
513513

514+
ansi-styles@^4.1.0:
515+
version "4.3.0"
516+
resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-4.3.0.tgz#edd803628ae71c04c85ae7a0906edad34b648937"
517+
integrity sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==
518+
dependencies:
519+
color-convert "^2.0.1"
520+
514521
anymatch@^2.0.0:
515522
version "2.0.0"
516523
resolved "https://registry.yarnpkg.com/anymatch/-/anymatch-2.0.0.tgz#bcb24b4f37934d9aa7ac17b4adaf89e7c76ef2eb"
@@ -1015,6 +1022,14 @@ chalk@^2.0.1:
10151022
escape-string-regexp "^1.0.5"
10161023
supports-color "^5.3.0"
10171024

1025+
chalk@^4.1.2:
1026+
version "4.1.2"
1027+
resolved "https://registry.yarnpkg.com/chalk/-/chalk-4.1.2.tgz#aac4e2b7734a740867aeb16bf02aad556a1e7a01"
1028+
integrity sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==
1029+
dependencies:
1030+
ansi-styles "^4.1.0"
1031+
supports-color "^7.1.0"
1032+
10181033
chardet@^0.7.0:
10191034
version "0.7.0"
10201035
resolved "https://registry.yarnpkg.com/chardet/-/chardet-0.7.0.tgz#90094849f0937f2eedc2425d0d28a9e5f0cbad9e"
@@ -1090,21 +1105,28 @@ color-convert@^1.9.0:
10901105
dependencies:
10911106
color-name "1.1.3"
10921107

1108+
color-convert@^2.0.1:
1109+
version "2.0.1"
1110+
resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-2.0.1.tgz#72d3a68d598c9bdb3af2ad1e84f21d896abd4de3"
1111+
integrity sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==
1112+
dependencies:
1113+
color-name "~1.1.4"
1114+
10931115
10941116
version "1.1.3"
10951117
resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.3.tgz#a7d0558bd89c42f795dd42328f740831ca53bc25"
10961118
integrity sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=
10971119

1120+
color-name@~1.1.4:
1121+
version "1.1.4"
1122+
resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.4.tgz#c2a09a87acbde69543de6f63fa3995c826c536a2"
1123+
integrity sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==
1124+
10981125
colorette@^1.2.2:
10991126
version "1.2.2"
11001127
resolved "https://registry.yarnpkg.com/colorette/-/colorette-1.2.2.tgz#cbcc79d5e99caea2dbf10eb3a26fd8b3e6acfa94"
11011128
integrity sha512-MKGMzyfeuutC/ZJ1cba9NqcNpfeqMUcYmyF1ZFY6/Cn7CNSAKx6a+s48sqLqyAiZuaP2TcqMhoo+dlwFnVxT9w==
11021129

1103-
colors@^1.1.2:
1104-
version "1.3.2"
1105-
resolved "https://registry.yarnpkg.com/colors/-/colors-1.3.2.tgz#2df8ff573dfbf255af562f8ce7181d6b971a359b"
1106-
integrity sha512-rhP0JSBGYvpcNQj4s5AdShMeE5ahMop96cTeDl/v9qQQm2fYClE2QXZRi8wLzc+GmXSxdIqqbOIAhyObEXDbfQ==
1107-
11081130
combined-stream@^1.0.6, combined-stream@~1.0.6:
11091131
version "1.0.7"
11101132
resolved "https://registry.yarnpkg.com/combined-stream/-/combined-stream-1.0.7.tgz#2d1d24317afb8abe95d6d2c0b07b57813539d828"
@@ -1944,6 +1966,11 @@ has-flag@^3.0.0:
19441966
resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-3.0.0.tgz#b5d454dc2199ae225699f3467e5a07f3b955bafd"
19451967
integrity sha1-tdRU3CGZriJWmfNGfloH87lVuv0=
19461968

1969+
has-flag@^4.0.0:
1970+
version "4.0.0"
1971+
resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-4.0.0.tgz#944771fd9c81c81265c4d6941860da06bb59479b"
1972+
integrity sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==
1973+
19471974
has-symbols@^1.0.0:
19481975
version "1.0.1"
19491976
resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.1.tgz#9f5214758a44196c406d9bd76cebf81ec2dd31e8"
@@ -4136,6 +4163,13 @@ supports-color@^5.3.0:
41364163
dependencies:
41374164
has-flag "^3.0.0"
41384165

4166+
supports-color@^7.1.0:
4167+
version "7.2.0"
4168+
resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-7.2.0.tgz#1b7dcdcb32b8138801b3e478ba6a51caa89648da"
4169+
integrity sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==
4170+
dependencies:
4171+
has-flag "^4.0.0"
4172+
41394173
symbol-tree@^3.2.1:
41404174
version "3.2.2"
41414175
resolved "https://registry.yarnpkg.com/symbol-tree/-/symbol-tree-3.2.2.tgz#ae27db38f660a7ae2e1c3b7d1bc290819b8519e6"

0 commit comments

Comments
 (0)