bin-wrapper uses bin-check (6 years old now) which uses execa 0.x that has security issues

[eturino]

Recently the bin-wrapper dependency was added, which then was modified to use the @mole-inc fork since that one is maintained.

This still uses bin-check which depends on execa 0.7 which has a vulnerability (OS Command Injection in execa)

https://www.npmjs.com/package/bin-check
https://www.npmjs.com/package/execa

I've opened a ticket with mole-inc to see if they can fork bin-check as well and remove that old dependency mole-inc/bin-wrapper#10

[mpsanchis]

I would be interested in this as well

[thekhegay]

#291

Also,execa is used in many other packages, and uses cross-spawn (sindresorhus/execa#578)