[FEATURE] Recent update warning

[IchiiDev]

This feature was suggested by Issue #80, I have implemented it on my fork.
What has been asked is basically to add a warning if a package was pushed recently, to prevent package hijacking and malwares.

What I have done to implement it:

1. Everytime a dependency is prompted, it will fetch https://registry.npmjs.com/:package to fetch the version's publication date
2. Will check if 3 days have passed since the last publish
3. If not then it will throw an error, a warning or an info telling the user the package was pushes recently and that they should be careful when upgrading.

This has been tested with some recently pushed packages and it works as expected. I will be available during the next few days to edit if any review requires changes.

[houd1ni]

hi, @IchiiDev !
PRs here are quite stuck, hence maybe make an independent project began from the fork ? Seems that this one could be a nice start.
I have a huge issue when being at bad network environments and almost cannot npm-upgrade at all, therefore willin' to commit some code into there asap.

[IchiiDev]

I'm going to send an email directly to @th0r to suggest giving ownership/management to someone else, both on the NPM registery and GitHub. If no answers ensues I will try and send a ticket to NPM's support to request ownership due to inactivity. 😄

[houd1ni]

I'm going to send an email directly to @th0r to suggest giving ownership/management to someone else, both on the NPM registery and GitHub. If no answers ensues I will try and send a ticket to NPM's support to request ownership due to inactivity. 😄

Nice! Tag me here, please, with any news!

[houd1ni]

@IchiiDev salut! Any news ?

[ImLunaHey]

@IchiiDev any chance you'd be able to reopen this and check it works with the latest version?

[IchiiDev]

I could check, I just saw that @th0r reacted in the referenced Issue, so I'll open it again if they are willing to take a look at the changes if up to date. I closed the PR due to previous inactivity.

[IchiiDev]

Still works as intended 3 years ago 😄

Aside from some ESLint errors I just fixed, nothing to report here. Waiting for review. (see #80)

[IchiiDev]

Will check this tomorrow

[ImLunaHey]

what're you actually trying to do because this just doesn't look right?

[IchiiDev]

I am adding every promises to the object so that they can resolve in the background and be awaited once needed in the loop.

[ImLunaHey]

that's not really how promises work. nothing will resolve until they're awaited.

[IchiiDev]

that's not really how promises work. nothing will resolve until they're awaited.

What would be the best way to approach this issue then?

[ImLunaHey]

what're you actually trying to do?

[drillskibo]

@IchiiDev awaiting answer here 😁

[IchiiDev]

Well, I was actually waiting for someone to give some pointers on the issue, but work on the side didn't leave me much time to fix this PR.

Maybe if someone could give me any actual clue instead of asking me what I want to do? After two years I kind of gave up on the actual thing and kept the PR open out of courtesy to not throw everything in the trash.

So would anyone have any clue on how to implement the background resolution of promises the proper way?

[ImLunaHey]

the reason im asking is because i dont see why you need to do any of this background stuff. just resolve it as is.

[IchiiDev]

@th0r asked for it, to reduce latency after each prompt.