Fix for issue #220: npm audit returns 23 vulnerabilities (11 low, 8 high, 4 critical)

.travis.yml

@@ -1,8 +1,11 @@
 language: node_js
 node_js:
-  - 0.10
-  - 0.12
-  - iojs
+  # - 0.10
+  # - 0.12
+  # - iojs
+  - 6.14.4
+  - 8.12.0
+  - 10.11.0
 
 cache:
   directories:
@@ -15,4 +18,4 @@ env:
 
 script:
   - npm test
-  - gulp browserTest
+  - gulp browserTest

CHANGELOG.md

@@ -243,3 +243,13 @@ See [#122](https://github.com/jprichardson/string.js/pull/122) [#98](https://git
 * Added `includes` and `contains` methods
 
 [57]: https://github.com/jprichardson/string.js/pull/57
+
+Branch `address-npm-vulnerabilities`
+----------------------------------
+* Tried to clean out package vulnerabilities without breaking the tests
+* Updated Mocha to v 5.2.0
+* Updated Gulp to v 4.0.0
+* Replaced `gulp-browserify` with `gulp-bro` as the former is not supported anymore and its dependencies have vulnerabilities
+* Updated `gulp-mocha` to v 6.0.0. Mocha > v4 and gulp-mocha > v 4.1 both throw errors with `growl` if the notifier is not installed on your machine (but work otherwise). For this reason, I commented `growl: 1` out of the mocha pipe in the gulpfile but it can be included if wanted (on MacOS, run `$ sudo gem install terminal-notifier` in the terminal to install the notifier).
+* Changed `gulpfile.js` to accommodate these changes
+* npm audit returns 0 vulnerabilities

README.md

@@ -6,6 +6,13 @@
 
 [![Sauce Test Status](https://saucelabs.com/browser-matrix/stringjs.svg)](https://saucelabs.com/u/stringjs)
 
+>Note
+>----
+>This is a fork of [jprichardson/string.js](https://github.com/jprichardson/string.js.git) and the text below is entirely his. I have only updated some dependencies to remove vulnerabilities that were identified by NPM's audit. Travis builds successfully for Node 4, 6, 8 and 10 (but not earlier verions of Node or io.js). While the tests have passed and the package seems to work for me, the new dependencies may have broken something that I haven't found yet.
+>[Charles Rethman](https://github.com/chezearth)
+
+
+
 `string.js`, or simply `S` is a lightweight (**< 5 kb** minified and gzipped) JavaScript library for the browser or for Node.js that provides extra String methods. Originally, it modified the String prototype. But I quickly learned that in JavaScript, this is considered poor practice.
 
 
@@ -1137,6 +1144,7 @@ If you contribute to this library, just modify `string.js`, `string.test.js`, an
 - [*] [Alison Rowland](https://github.com/arowla)
 - [*] [Pascal Bihler](https://github.com/pbihler)
 - [*] [Daniel Diekmeier](https://github.com/danieldiekmeier)
+- [*] [Charles Rethman](https://github.com/chezearth)
 
 
 

dist/string.js

@@ -1,4 +1,4 @@
-!function(e){if("object"==typeof exports)module.exports=e();else if("function"==typeof define&&define.amd)define(e);else{var f;"undefined"!=typeof window?f=window:"undefined"!=typeof global?f=global:"undefined"!=typeof self&&(f=self),f.S=e()}}(function(){var define,module,exports;return (function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);throw new Error("Cannot find module '"+o+"'")}var f=n[o]={exports:{}};t[o][0].call(f.exports,function(e){var n=t[o][1][e];return s(n?n:e)},f,f.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.length;o++)s(r[o]);return s})({1:[function(_dereq_,module,exports){
+(function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.S = f()}})(function(){var define,module,exports;return (function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){var n=e[i][1][r];return o(n||r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}return r})()({1:[function(require,module,exports){
 function count(self, substr) {
   var count = 0
   var pos = self.indexOf(substr)
@@ -12,7 +12,7 @@ function count(self, substr) {
 }
 
 module.exports = count
-},{}],2:[function(_dereq_,module,exports){
+},{}],2:[function(require,module,exports){
 function splitLeft(self, sep, maxSplit, limit) {
 
   if (typeof maxSplit === 'undefined') {
@@ -41,7 +41,7 @@ function splitLeft(self, sep, maxSplit, limit) {
 
 module.exports = splitLeft;
 
-},{}],3:[function(_dereq_,module,exports){
+},{}],3:[function(require,module,exports){
 function splitRight(self, sep, maxSplit, limit) {
 
   if (typeof maxSplit === 'undefined') {
@@ -74,7 +74,7 @@ function splitRight(self, sep, maxSplit, limit) {
 
 module.exports = splitRight;
 
-},{}],4:[function(_dereq_,module,exports){
+},{}],4:[function(require,module,exports){
 /*
 string.js - Copyright (C) 2012-2014, JP Richardson <[email protected]>
 */
@@ -198,7 +198,7 @@ string.js - Copyright (C) 2012-2014, JP Richardson <[email protected]>
     },
 
     count: function(ss) {
-      return _dereq_('./_count')(this.s, ss)
+      return require('./_count')(this.s, ss)
     },
 
     //#modified from https://github.com/epeli/underscore.string
@@ -430,11 +430,11 @@ string.js - Copyright (C) 2012-2014, JP Richardson <[email protected]>
     },
 
     splitLeft: function(sep, maxSplit, limit) {
-      return _dereq_('./_splitLeft')(this.s, sep, maxSplit, limit)
+      return require('./_splitLeft')(this.s, sep, maxSplit, limit)
     },
 
     splitRight: function(sep, maxSplit, limit) {
-      return _dereq_('./_splitRight')(this.s, sep, maxSplit, limit)
+      return require('./_splitRight')(this.s, sep, maxSplit, limit)
     },
 
     strip: function() {
@@ -1184,6 +1184,5 @@ string.js - Copyright (C) 2012-2014, JP Richardson <[email protected]>
 
 }).call(this);
 
-},{"./_count":1,"./_splitLeft":2,"./_splitRight":3}]},{},[4])
-(4)
-});
+},{"./_count":1,"./_splitLeft":2,"./_splitRight":3}]},{},[4])(4)
+});

gulpfile.js

@@ -2,7 +2,7 @@ var gulp = require('gulp'),
   uglify = require('gulp-uglify'),
   rimraf = require('gulp-rimraf'),
   rename = require('gulp-rename'),
-  browserify = require('gulp-browserify'),
+  bro = require('gulp-bro'),
   SRC = './lib/string.js',
   TEST_SRC = './test/string.test.js',
   mochify = require('mochify'),
@@ -11,9 +11,9 @@ var gulp = require('gulp'),
   SRC_COMPILED = 'string.js',
   MIN_FILE = 'string.min.js';
 
-gulp.task('browserify', function() {
+gulp.task('bro', function() {
   return gulp.src(SRC)
-    .pipe(browserify({
+    .pipe(bro({
       detectGlobals: true,
       standalone: 'S'
     }))
@@ -26,20 +26,23 @@ gulp.task('browserTest', function (done) {
     .bundle();
 });
 
-gulp.task('test', ['browserify'], function () {
+gulp.task('test', gulp.series('bro', function () {
   return gulp.src(TEST_SRC, {read: false})
-    .pipe(mocha({reporter: 'spec', growl: 1}));
-});
+    .pipe(mocha({
+        reporter: 'spec'
+      // , growl: 1
+    }));
+}));
 
 
 gulp.task('clean', function() {
   return gulp.src(DEST)
     .pipe(rimraf());
 });
 
-gulp.task('build', ['test', 'clean'], function() {
+gulp.task('build', gulp.series(['test', 'clean'], function() {
   gulp.src(DEST + '/' + SRC_COMPILED)
     .pipe(uglify())
     .pipe(rename(MIN_FILE))
     .pipe(gulp.dest(DEST));
-});
+}));