`node-copy-paste` breaks on android (termux)

Created by: brysgo

When trying to create a new CRA project on android, node-copy-paste causes a crash because of a platform check.

Created by: brysgo

Confirmed with yarn link that the above PR fixes this.

Created by: gaearon

How do we use node-copy-paste?

Created by: brysgo

Not sure, I can investigate when I get some time.

Created by: Timer

JHaddad@W10LJHADDADSURF MINGW64 ~/Documents/Development/create-react-app (remove-cssm-docs)
$ yarn why copy-paste
yarn why v1.3.2
[1/4] Why do we have the module "copy-paste"...?
[2/4] Initialising dependency graph...
[3/4] Finding dependency...
[4/4] Calculating file sizes...
info This module exists because "workspace-aggregator-5c248a94-35ae-4f58-8b1e-45e710c97334#create-react-app#envinfo
" depends on it.
Done in 1.06s.

Our new --info flag.

Created by: viankakrisna

https://github.com/xavi-/node-copy-paste/issues/61 will it affect CRA users?

Created by: bondz

snyk reports a vulnerability as a result of the module

snyk test create-react-app
✗ Medium severity vulnerability found on sync-exec@0.6.2
- desc: Insecure use of Tmp files
- info: https://snyk.io/vuln/npm:sync-exec:20160124
- from: create-react-app@1.5.0 > envinfo@3.10.0 > copy-paste@1.3.0 > sync-exec@0.6.2
Fix: None available. Consider removing this dependency.

Tested create-react-app for known vulnerabilities, found 1 vulnerability, 1 vulnerable path.

cc @tabrindle

Created by: bondz

A possible solution is to pin the envinfo version to 3.4.2, the clipboard option that is the cause of this issue and the added vulnerability would be mitigated. We currently do not use the cliboard option anyways.

Created by: tabrindle

If it's causing problems, it's an easy fix to remove the module upstream in envinfo.

Created by: gaearon

For now I'll cut a patch to create-react-app with https://github.com/facebookincubator/create-react-app/pull/3853 but happy to merge other solutions later.

Created by: gaearon

OK, 1.5.1 of the CLI is out and should pin the version. I'll keep this open so somebody can offer a better upstream solution (?)

Created by: tabrindle

Sorry about this guys.

Seems like there are two problems here - the vulnerability and the incompatibility with Termux - both are fixed by using a different module for envinfo's --clipboard option.

Doesn't look like node-copy-paste is very active, and sync-exec isn't getting fixed. Clipboardy has no known vulnerabilities, advertises compatibility with Termux, and works with node 4.

@brysgo I have pushed a new version of envinfo@3.11.0. Can you confirm that npx envinfo@3.11.0 --clipboard works, or at least does not break in the same place? I've never tested any of these things on Android Works on MacOS ¯_(ツ)_/¯

@gaearon As soon as we confirm this works, I'll make a PR to update the version of envinfo to 3.11.0.

Created by: gaearon

No worries, thanks for jumping on it.

Created by: brysgo

@tabrindle - Here is the output of the above command, doesn't blow up:

Created by: Timer

Fix up in !3859 (closed)