mirror of
https://github.com/tiennm99/sokoban.git
synced 2026-06-06 22:12:58 +00:00
tiennm99
f0490682ab
Workbox/vite-plugin-pwa pull in @rollup/plugin-terser, which depends on older serialize-javascript versions with a known RCE/DoS chain. Overriding to >=7.0.5 surgically clears the chain without dropping vite-plugin-pwa to the 0.19.x major. npm audit now reports 0 vulnerabilities; build is unaffected (build-only deps).
32 lines
879 B
JSON
32 lines
879 B
JSON
{
|
|
"name": "sokoban",
|
|
"description": "A simple Sokoban game built with Svelte 5 and Vite",
|
|
"version": "1.0.0",
|
|
"type": "module",
|
|
"repository": {
|
|
"type": "git",
|
|
"url": "git+https://github.com/tiennm99/sokoban.git"
|
|
},
|
|
"author": "tiennm99",
|
|
"license": "Apache-2.0",
|
|
"licenseUrl": "https://www.apache.org/licenses/LICENSE-2.0",
|
|
"bugs": {
|
|
"url": "https://github.com/tiennm99/sokoban/issues"
|
|
},
|
|
"homepage": "https://tiennm99.github.io/sokoban/",
|
|
"scripts": {
|
|
"dev": "vite --config vite/config.dev.mjs",
|
|
"dev:codeserver": "vite --config vite/config.codeserver.mjs",
|
|
"build": "vite build --config vite/config.prod.mjs"
|
|
},
|
|
"devDependencies": {
|
|
"@sveltejs/vite-plugin-svelte": "^5.0.3",
|
|
"svelte": "^5.19.0",
|
|
"vite": "^6.4.2",
|
|
"vite-plugin-pwa": "^1.2.0"
|
|
},
|
|
"overrides": {
|
|
"serialize-javascript": ">=7.0.5"
|
|
}
|
|
}
|