Is this project still alive - unfixed critical vulnerabilities in dependencies

[BePo65]

Running npm audit lists many vulnerabilities:

19 vulnerabilities (5 moderate, 6 high, 8 critical)

Since there are pull requests still open fixing some of these issues dating from 2022, it seems that this project is abandoned.

@indexzero : is it worth creating a fix for these issues? I would do this, only if we have a chance to get this project up to date on npmjs too.

[MikeMcC399]

@nelsonic

Please clarify if you are accepting PRs for this repo. In a reply to #61 you wrote that you can merge PRs, so it sounds like you have write privileges to the repo. Is that correct?

On the other hand there is a queue of PRs which have not been merged and the last merge into the master branch was 2b6476c in November 2018 which is now 6 years ago, so it does not look as though there is any readiness to do routine maintenance to the repo.

[nelsonic]

@MikeMcC399, I was granted write access back in the day. ✍️
So can assist with maintenance. 🧹
Starting with the CI side-quest: #61

[MikeMcC399]

As discussed elsewhere, the last release was https://github.com/indexzero/ps-tree/releases/tag/1.2.0 in Nov 2018, so the answer is effectively that the project is no longer maintained if it does not have the ability to trigger new releases.

See also the npm registry version list https://www.npmjs.com/package/ps-tree?activeTab=versions

[indexzero]

This project is not dead. It's simply that – as John Lennon would say – "Open Source is what happens when you're busy making other plans."

Contributions are always welcome, but please forgive delays in my response. I started this project when I was single. I now have three kids.

I get many emails for Github issues which makes it hard to parse out the signal from the noise. Recently, I created a new email address for npm only which is npm@charlie.dev. If you need my attention that's the best place to get it <3

[MikeMcC399]

@indexzero

Welcome back!

• ps-tree on Windows 11 24H2 crashes - wmic not part of windows any more #58 would be the critical issue to resolve and to release a fix for

[MikeMcC399]

Despite the post of @indexzero last month, there has been no objective change in the status of this npm package. The latest release on the npm registry is still 1.2.0, published on Nov 26, 2018, which the npm UI displays as being 7 years ago.

The last merge to the master branch was 635e1c3 based on a PR that I provided in December 2024.

This does not look like an "active" project would look.