sudo-prompt is unmaintained and deprecated #3803

Open
3 tasks done
jayvdb opened this issue Jan 17, 2025 · 2 comments
Comments

@jayvdb
jayvdb commented Jan 17, 2025

Pre-flight checklist

  • I have read the contribution documentation for this project.
  • I agree to follow the code of conduct that this project uses.
  • I have searched the issue tracker for a feature request that matches the one I want to file, without success.

Problem description

I think it is fairly common security best practice to avoid dependencies that are unmaintained / deprecated.

https://www.npmjs.com/package/sudo-prompt is marked deprecated with "Author message": Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.

All versions are deprecated at https://www.npmjs.com/package/sudo-prompt?activeTab=versions

Its repo https://github.com/jorangreef/sudo-prompt was archived on Sep 24, 2021

There are no vulns listed against it at https://osv.dev/list?q=sudo-prompt&ecosystem=

and none of the old issues at https://github.com/jorangreef/sudo-prompt/issues?q=sort%3Aupdated-desc+is%3Aissue+is%3Aopen scream CVE.

Proposed solution

Replace sudo-prompt with an alternative.

Alternatives considered

Interestingly #58 proposed an alternative, but it was rejected.

Additional information

No response
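
The registry-side check this issue describes (every published version carrying a deprecation message) can be automated. The following is an added example, not part of the thread or of the project's code; the packuments are constructed, and the package names and version numbers in them are invented for illustration.

```javascript
// Added example. A packument is the JSON document the npm registry serves for a
// package; each entry under `versions` has a `deprecated` string if that release
// was deprecated. An empty string is treated as not deprecated, because
// `npm deprecate` with an empty message is how a deprecation is removed.
function deprecationStatus(packument) {
  const versions = packument.versions || {};
  const all = Object.keys(versions);
  const isDeprecated = (v) =>
    typeof versions[v].deprecated === 'string' && versions[v].deprecated.trim() !== '';
  const deprecated = all.filter(isDeprecated);
  const messages = [...new Set(deprecated.map((v) => versions[v].deprecated.trim()))];
  const latest = (packument['dist-tags'] || {}).latest;

  let verdict = 'active';
  if (all.length === 0) verdict = 'no-versions';
  else if (deprecated.length === all.length) verdict = 'fully-deprecated';
  else if (deprecated.length > 0) verdict = 'partially-deprecated';

  return {
    name: packument.name,
    verdict,
    latestDeprecated: latest !== undefined && deprecated.includes(latest),
    // Releases a consumer could still pin to without a deprecation warning.
    usableVersions: all.filter((v) => !deprecated.includes(v)),
    messages,
  };
}

// Constructed sample data; the message is the one quoted in this issue.
const MSG = 'Package no longer supported. Contact Support at ' +
  'https://www.npmjs.com/support for more info.';
const samplePackuments = [
  { name: 'fully-deprecated-pkg', 'dist-tags': { latest: '2.0.0' },
    versions: { '1.0.0': { deprecated: MSG }, '2.0.0': { deprecated: MSG } } },
  { name: 'partly-deprecated-pkg', 'dist-tags': { latest: '2.0.0' },
    versions: { '1.0.0': { deprecated: 'use 2.x' }, '2.0.0': { deprecated: '' } } },
];

for (const p of samplePackuments) console.log(deprecationStatus(p));
```

A `fully-deprecated` verdict with no usable versions means there is no release to move to within the package, so the remaining options are replacing it or accepting it as is.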

@malept
Member

malept commented Jan 17, 2025

The alternative from #58 was rejected for missing macOS support, for which the linked issue is still open. So that's still not a viable alternative.

There's no reason why we can't use sudo-prompt for the time being while it still works for what we use it for, if no one comes up with a workable alternative.

@jayvdb
Author

jayvdb commented Jan 17, 2025

Does this suggest that it was yanked by NPM themselves, and not the author?

Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.

If so, that sounds bad.
