fix(ARCH-662): request security issue (#4650)

Author: jmfrancois

.changeset/clean-grapes-invite.md

@@ -0,0 +1,5 @@
+---
+'@talend/scripts-publish-local': minor
+---
+
+feat: use npx to execute verdaccio.

tools/scripts-publish-local/package.json

@@ -13,8 +13,7 @@
   "dependencies": {
     "cross-spawn": "^7.0.3",
     "generate-password": "^1.7.0",
-    "rimraf": "^3.0.2",
-    "verdaccio": "^5.20.1"
+    "rimraf": "^3.0.2"
   },
   "author": "Talend Frontend <[email protected]> (http://www.talend.com)",
   "license": "Apache-2.0",

tools/scripts-publish-local/src/cmd.js

@@ -1,3 +1,4 @@
+/* eslint-disable no-console */
 /* eslint-disable-next-line import/no-extraneous-dependencies */
 const spawn = require('cross-spawn');
 const fs = require('fs');

tools/scripts-publish-local/src/git.js

@@ -1,3 +1,4 @@
+/* eslint-disable no-console */
 const os = require('os');
 const cmd = require('./cmd');
 

tools/scripts-publish-local/src/npm.js

@@ -1,3 +1,4 @@
+/* eslint-disable no-console */
 const fs = require('fs');
 const os = require('os');
 const path = require('path');

tools/scripts-publish-local/src/verdaccio.js

@@ -1,3 +1,4 @@
+/* eslint-disable no-console */
 const fs = require('fs');
 const os = require('os');
 const rimraf = require('rimraf');
@@ -53,7 +54,7 @@ async function start() {
 	console.log('verdaccio.start');
 	return new Promise(resolve => {
 		generateConfig();
-		cmd.run(`verdaccio --config ${VERDACCIO_CONFIG_FILE}`, {
+		cmd.run(`npx --yes verdaccio --config ${VERDACCIO_CONFIG_FILE}`, {
 			interactive: verdaccio => {
 				verdaccio.stdout.on('data', data => {
 					if (data.includes('http address')) {