chore: update npm lockfile to v3 #68

Closed

MikeMcC399
Contributor

Issue

The npm lockfile package-lock.json uses the outdated "lockfileVersion": 1.

npm documentation for lockfileversion shows the lockfile version as follows:

1: The lockfile version used by npm v5 and v6.
2: The lockfile version used by npm v7 and v8. Backwards compatible to v1 lockfiles.
3: The lockfile version used by npm v9 and above. Backwards compatible to npm v7.

npm is bundled with Node.js. The Node.js release schedule shows that Node.js 18 to 23 are currently supported.

The package-lock.json lockfile is committed to the repository; however, it is never published as part of the npm package. It is only used by Contributors and CI workflows.

The workflow ci-test.yml runs with a minimum npm v10.8.2 according to workflow logs, so lockfile version 3 should be used.

Change

  1. Update the npm lockfile package-lock.json from "lockfileVersion": 1 to "lockfileVersion": 3.
  2. Use npm audit fix to fix critical vulnerabilities in locked versions.

    npm install --lockfile-version=3
    npm audit fix

@MikeMcC399 MikeMcC399 marked this pull request as ready for review December 12, 2024 18:25
Collaborator

@nelsonic nelsonic left a comment

I've had a read through all the lines in this PR and it LGTM. 👌
But worth getting at least one other person to approve before merging. 💭

CC: @indexzero 🤞

@MikeMcC399 MikeMcC399 force-pushed the update/lockfile-version branch from 73c92dc to b99219a Compare December 13, 2024 17:37
@MikeMcC399 MikeMcC399 force-pushed the update/lockfile-version branch from b99219a to c00df69 Compare December 13, 2024 17:40
@MikeMcC399
Contributor Author

@nelsonic

> I've had a read through all the lines in this PR and it LGTM. 👌

The CI runs also confirm that it works.

> But worth getting at least one other person to approve before merging. 💭

Are there currently any other active maintainers for this repo apart from yourself?

@nelsonic
Collaborator

@MikeMcC399 good question. I don't have visibility of the access to the repo so can't say. 🤷‍♂️
But remember that in terms of getting a new version published to NPM; @indexzero is your man: https://www.npmjs.com/package/ps-tree 👌

@MikeMcC399
Contributor Author

@nelsonic

> good question. I don't have visibility of the access to the repo so can't say. 🤷‍♂️ But remember that in terms of getting a new version published to NPM; @indexzero is your man: https://www.npmjs.com/package/ps-tree 👌

If there is no response from @indexzero I will assume that this package is no longer maintained. Merging changes into the default branch is only useful if there is a means to release a new package to the npm registry at an appropriate time.

$ npm owner ls ps-tree
indexzero <[email protected]>

@MikeMcC399
Contributor Author

@nelsonic

There hasn't been any feedback from @indexzero so far, so the outlook for maintaining this repo does not look good.

@nelsonic
Collaborator

nelsonic commented Jan 2, 2025

@MikeMcC399 maybe look at what Charlie has been contributing to 🔍
over the last couple of months: https://github.com/mikeal/cancer-diaries 🤒 😢
Mikeal is a good+old friend of his; ❤️
so probably has a lot on his mind right now. 💭
I'd give him some space/time ... ⏳
even if that means temporarily forking the repo and using your version e.g:

    {
      "dependencies": {
        "ps-tree": "https://github.com/yourname/ps-tree-2025"
      }
    }

Ref: https://www.warp.dev/terminus/npm-install-from-github

I know that doesn't work for packages that depend on ps-tree. 🌳
Sorry I cannot help further right now. 😞
Hope you are well and 2025 is good to you. ☀️
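
A fork referenced by a bare GitHub URL, as in the snippet above, installs whatever the fork's default branch holds at install time, and since the lockfile is not published, downstream consumers get no pin from it. The following is an added example, not code from this PR or from ps-tree: it flags git-hosted dependency specifiers in a package.json that lack a full commit SHA. It assumes npm resolves `https://github.com/<user>/<repo>` as a git repository; the function names and the sample manifest are constructed for illustration.

```javascript
// Added example (not from the PR): flag dependencies fetched from git/GitHub
// that are not pinned to a full 40-character commit SHA.
const FULL_SHA = /^[0-9a-f]{40}$/i;

// Classify a package.json dependency specifier: "git", "other" or "registry".
function classifySpec(spec) {
  if (/^(\.|\/|~|file:|link:|workspace:|npm:)/i.test(spec)) return "other";
  if (/^(git\+|git:|github:|gitlab:|bitbucket:)/i.test(spec)) return "git";
  if (/^https?:\/\//i.test(spec)) {
    const url = spec.split("#")[0];
    const gitHost = /^https?:\/\/(github\.com|gitlab\.com|bitbucket\.org)\//i.test(url);
    // Tarball URLs (.tgz / .tar.gz) are plain downloads, not git checkouts.
    return gitHost && !/\.(tgz|tar\.gz)$/i.test(url) ? "git" : "other";
  }
  // npm shorthand for GitHub: "user/repo" or "user/repo#ref".
  if (/^[\w-][\w.-]*\/[\w.-]+(#.*)?$/.test(spec)) return "git";
  return "registry"; // semver range, dist-tag or exact version
}

// Return one finding per git dependency whose ref is missing or mutable.
function findUnpinnedGitDeps(manifest) {
  const findings = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (classifySpec(spec) !== "git") continue;
      const hashAt = spec.indexOf("#");
      const ref = hashAt === -1 ? "" : spec.slice(hashAt + 1);
      if (FULL_SHA.test(ref)) continue;
      const reason = ref ? `ref "${ref}" is not a full commit SHA` : "no ref given";
      findings.push({ field, name, spec, reason });
    }
  }
  return findings;
}

// Constructed sample manifest; the SHA and all names except the thread's
// "yourname/ps-tree-2025" placeholder are made up for illustration.
const sampleManifest = {
  dependencies: {
    "ps-tree": "https://github.com/yourname/ps-tree-2025",
    "registry-dep": "^1.2.3",
    "pinned-fork": "github:yourname/ps-tree-2025#0123456789abcdef0123456789abcdef01234567",
  },
  devDependencies: { "branch-fork": "yourname/ps-tree-2025#main" },
};

for (const f of findUnpinnedGitDeps(sampleManifest)) {
  console.log(`${f.field}: ${f.name} -> ${f.spec} (${f.reason})`);
}
```
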

@MikeMcC399
Contributor Author

@nelsonic

Thank you for your New Year's wishes! The same to you too!

As far as the participation of the owner of the repo is concerned, unless they respond themselves here, at least with a short note, there is no way of knowing whether they are temporarily or permanently absent. Any assumptions are speculation.

Since this PR itself is trivial and easily set up again, I am going to close it now due to lack of progress and uncertain outcome.

@MikeMcC399 MikeMcC399 closed this Jan 3, 2025
@MikeMcC399 MikeMcC399 deleted the update/lockfile-version branch January 3, 2025 09:09