rubik/package.json
tiennm99 aeb3900f85 chore(deps): override cubejs's bundled npm@6 → npm@11 to clear all 39 audit alerts
cubejs@1.3.2 declares `npm@^6.0.0` as a runtime dependency (vestigial — the
solver never calls require('npm') at runtime). The bundled npm@6 transitively
pulls in 39 vulnerable subpackages (1 critical, 27 high, 10 moderate)
flagged by Dependabot.

Force the override to npm@^11.14.1 which has all CVEs patched. Verified:
solver test still passes (cubejs Kociemba API unchanged), full suite green,
build clean, `npm audit` reports 0 vulnerabilities.

Downgrading cubejs to 1.1.0 was tried and rejected — that version predates
the Kociemba solver (no Cube.initSolver / cube.solve API).
2026-05-09 11:41:24 +07:00


{
"name": "rubik",
"description": "Interactive 3D Rubik's 3x3 cube simulator in the browser (Three.js + Svelte)",
"version": "0.1.0",
"type": "module",
"repository": {
"type": "git",
"url": "git+https://github.com/tiennm99/rubik.git"
},
"author": "tiennm99",
"license": "Apache-2.0",
"licenseUrl": "https://www.apache.org/licenses/LICENSE-2.0",
"bugs": {
"url": "https://github.com/tiennm99/rubik/issues"
},
"homepage": "https://tiennm99.github.io/rubik/",
"scripts": {
"dev": "vite --config vite/config.dev.mjs",
"dev:codeserver": "vite --config vite/config.codeserver.mjs",
"build": "vite build --config vite/config.prod.mjs",
"preview": "vite preview --config vite/config.prod.mjs",
"test": "vitest run",
"test:watch": "vitest"
},
"dependencies": {
"@tweenjs/tween.js": "^25.0.0",
"cubejs": "^1.3.2",
"three": "^0.171.0"
},
"devDependencies": {
"@sveltejs/vite-plugin-svelte": "^5.0.3",
"svelte": "^5.19.0",
"vite": "^6.3.6",
"vitest": "^4.1.5"
},
"overrides": {
"cubejs": {
"npm": "^11.14.1"
}
}
}