Shelljs use in Serverless

Hello, I’m using the tool snyk to monitor my application for security vulnerabilities. It’s concerned about the shelljs package that Serverless has as a dependency.

As you can see here the issue is around the shell.exec() function, which I can’t find being used in Serverless. Therefore, I think the vulnerability can be safely ignored. However, because shelljs is imported globally, I can’t actually figure out if it’s used at all.

Can anyone provide insight on where functions from shelljs are used in Serverless and whether it can be removed as a dependency?

1 Like

Bumping this again to see if anyone knows. If not, I’ll open an issue in Github :slight_smile: