Skip to content

@oclif/plugin-plugins is using outdated package @npmcli/move-file #1224

New issue
New issue
Open
Open
@oclif/plugin-plugins is using outdated package @npmcli/move-file#1224
Labels
enhancementNew feature or requestnext majorThis will be address in the next major version.
@prasad0612

Description

@prasad0612
prasad0612
opened on Oct 13, 2025

Describe the bug
Our thirdparty code scan flagged a security vulnerability that @oclif/plugin-plugins -> npm -> @npmcli/arberos -> @npmcli/move-file has reached end of life. I tried installing latest @oclif/plugin-plugins but it is still downloading @npmcli/move-file into node_modules folder.

To Reproduce
Steps to reproduce the behavior:
Just install latest @oclif/plugin-plugins and check node_modules folder for @npmcli/move-file library.

Expected behavior
@oclif/plugin-plugins should not use @npmcli/move-file, it should use @npmcli/fs. Or upgrade npm dependency may be.

Screenshots
If applicable, add screenshots to help explain your problem.

Environment (please complete the following information):

  • OS & version: Any OS.

Additional context
Add any other context about the problem here.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestnext majorThis will be address in the next major version.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions