github actions ,npm 404 ERROR

npm ERR! code E404
npm ERR! 404 Not Found - GET https://cdn.npmmirror.com/packages/filelist/1.0.2/filelist-1.0.2.tgz
npm ERR! 404 
npm ERR! 404  'filelist@https://registry.nlark.com/filelist/download/filelist-1.0.2.tgz' is not in this registry.

NexusIQ reports a security vulnerability (sonatype-2021-0457) with v1.0.3... "The filelist and utilities packages are vulnerable to Prototype Pollution. The merge function in the respective index.js and object.js files allows for access to object prototype properties. An attacker can exploit this to override the behavior of object prototypes, resulting in a possible Denial of Service (DoS), Remote Code Execution (RCE), or other unexpected behavior." It has been blocked for use with our applications, which is unfortunate because it's necessary for react to work. Please take a look! (Thanks in advance)

Is it possible to add an option for insensitive case to include() et exclude() methods ?

Currently :

const FL = new FileList
FL.include('**/*.jpg', ) // Only accept .jpg

With insensitive case option :

const FL = new FileList
FL.include('**/*.jpg', { nocase: true }) // Accept .jpg, .JPG, .Jpg, etc...```

Quite simply, * and ** based matches fail to work on windows.

Ironically, this actually prevents the tests from running on windows, because the '*' character is used to find tests.

To reproduce the failure, simply modify the jake file to explicitly run the test file my name by editing this line:

and replace with this.testFiles.include('test/filelist.js');

Once the tests actually run on windows, the following test output will be displayed:

> yarn test
yarn run v1.22.17
$ jake test
Starting 'test'...
jake aborted.
AssertionError [ERR_ASSERTION]: 0 == 2
    at Task.path separator can be used by exclude (C:\Users\markg\Software\filelist\test\filelist.js:32:12)
    at Task.action (C:\Users\markg\Software\filelist\node_modules\jake\lib\test_task.js:173:22)
    at Task.run (C:\Users\markg\Software\filelist\node_modules\jake\lib\task\task.js:325:29)
    at processImmediate (internal/timers.js:464:21)
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

The root problem is the use of path.normalize here, on the query, right before passing the pattern to minimatch:

A quick test shows removing this normalization causes tests to pass. However, I think normalization is still needed for handling other path fixups, and instead the same fixup used by globSync should be used after normalization to switch back to Unix path separators.

I'll get a PR open shortly.