		import { BaseException } from '../src';
		/**
		* Exception thrown when a module could not be resolved.
		* @deprecated since version 8. Use `MODULE_NOT_FOUND` Node error code instead.
		*/
		@@ -11,2 +12,3 @@ export declare class ModuleNotFoundException extends BaseException {
		}
		/** @deprecated since version 8. Use `require.resolve` instead. */
		export interface ResolveOptions {
		@@ -44,6 +46,7 @@ /**
		}
		/** @deprecated since version 8. Use `require.resolve` instead. */
		export declare function setResolveHook(hook: ((x: string, options: ResolveOptions) => string \| null) \| null): void;
		/**
		* Resolve a package using a logic similar to npm require.resolve, but with more options.
		* @param x The package name to resolve.
		* @param packageName The package name to resolve.
		* @param options A list of options. See documentation of those options.
		@@ -53,3 +56,4 @@ * @returns {string} Path to the index to include, or if `resolvePackageJson` option was
		* @throws {ModuleNotFoundException} If no module with that name was found anywhere.
		* @deprecated since version 8. Use `require.resolve` instead.
		*/
		export declare function resolve(x: string, options: ResolveOptions): string;
		export declare function resolve(packageName: string, options: ResolveOptions): string;

+20

-12

node/resolve.js

		@@ -16,2 +16,3 @@ "use strict";
		* Exception thrown when a module could not be resolved.
		* @deprecated since version 8. Use `MODULE_NOT_FOUND` Node error code instead.
		*/
		@@ -70,2 +71,3 @@ class ModuleNotFoundException extends src_1.BaseException {
		let _resolveHook = null;
		/** @deprecated since version 8. Use `require.resolve` instead. */
		function setResolveHook(hook) {
		@@ -77,3 +79,3 @@ _resolveHook = hook;
		* Resolve a package using a logic similar to npm require.resolve, but with more options.
		* @param x The package name to resolve.
		* @param packageName The package name to resolve.
		* @param options A list of options. See documentation of those options.
		@@ -83,6 +85,7 @@ * @returns {string} Path to the index to include, or if `resolvePackageJson` option was
		* @throws {ModuleNotFoundException} If no module with that name was found anywhere.
		* @deprecated since version 8. Use `require.resolve` instead.
		*/
		function resolve(x, options) {
		function resolve(packageName, options) {
		if (_resolveHook) {
		const maybe = _resolveHook(x, options);
		const maybe = _resolveHook(packageName, options);
		if (maybe) {
		@@ -96,5 +99,5 @@ return maybe;
		options.paths = options.paths \|\| [];
		if (/^(?:\.\.?(?:\/\|$)\|\/\|([A-Za-z]:)?[/\\])/.test(x)) {
		let res = path.resolve(basePath, x);
		if (x === '..' \|\| x.slice(-1) === '/') {
		if (/^(?:\.\.?(?:\/\|$)\|\/\|([A-Za-z]:)?[\/\\])/.test(packageName)) {
		let res = path.resolve(basePath, packageName);
		if (packageName === '..' \|\| packageName.slice(-1) === '/') {
		res += '/';
		@@ -108,3 +111,3 @@ }
		else {
		const n = loadNodeModulesSync(x, basePath);
		const n = loadNodeModulesSync(packageName, basePath);
		if (n) {
		@@ -121,3 +124,3 @@ return n;
		try {
		return resolve(x, {
		return resolve(packageName, {
		...options,
		@@ -143,3 +146,3 @@ checkLocal: false,
		try {
		return resolve(x, {
		return resolve(packageName, {
		...options,
		@@ -159,3 +162,3 @@ checkLocal: false,
		}
		throw new ModuleNotFoundException(x, basePath);
		throw new ModuleNotFoundException(packageName, basePath);
		function loadAsFileSync(x) {
		@@ -197,7 +200,7 @@ if (fs_1.isFile(x)) {
		for (const dir of dirs) {
		const m = loadAsFileSync(path.join(dir, '/', x));
		const m = loadAsFileSync(path.join(dir, x));
		if (m) {
		return m;
		}
		const n = loadAsDirectorySync(path.join(dir, '/', x));
		const n = loadAsDirectorySync(path.join(dir, x));
		if (n) {
		@@ -248,2 +251,7 @@ return n;
		}, []);
		if (process.env.NG_TEMP_MODULES_DIR) {
		// When running from a temporary installations, node_modules have to be resolved
		// differently and they should be prefered over others.
		dirs.unshift(process.env.NG_TEMP_MODULES_DIR);
		}
		return opts && opts.paths ? dirs.concat(opts.paths) : dirs;
		@@ -250,0 +258,0 @@ }

+1

-1

package.json

		{
		"name": "@angular-devkit/core",
		"version": "8.3.12",
		"version": "8.3.13",
		"description": "Angular DevKit - Core Utility Library",
		@@ -5,0 +5,0 @@ "main": "src/index.js",

+4

-2

src/index.d.ts

		@@ -12,3 +12,3 @@ /**
		import * as logging from './logger/index';
		import * as terminal from './terminal/index';
		import * as ɵterminal from './terminal/index';
		import * as workspaces from './workspace';
		@@ -19,2 +19,4 @@ export * from './exception/exception';
		export * from './virtual-fs/index';
		export { analytics, experimental, json, logging, terminal, workspaces, };
		/** @deprecated since version 8 - Instead use other 3rd party libraries like `colors` and `chalk`. */
		export declare const terminal: typeof ɵterminal;
		export { analytics, experimental, json, logging, workspaces, };

+3

-2

src/index.js

		@@ -21,4 +21,3 @@ "use strict";
		exports.logging = logging;
		const terminal = require("./terminal/index");
		exports.terminal = terminal;
		const ɵterminal = require("./terminal/index");
		const workspaces = require("./workspace");
		@@ -30,1 +29,3 @@ exports.workspaces = workspaces;
		__export(require("./virtual-fs/index"));
		/** @deprecated since version 8 - Instead use other 3rd party libraries like `colors` and `chalk`. */
		exports.terminal = ɵterminal;

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 2 instances in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 2 instances in 1 package

Uses eval

Supply chain risk

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 3 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

@angular-devkit/core - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics