@appsignal/cli - npm Package Compare versions

Comparing version 1.2.7 to 1.2.8

CHANGELOG.md

 # AppSignal CLI changelog
 
+## 1.2.8
+
+_Published on 2024-01-19._
+
+### Changed
+
+- [1047390](https://github.com/appsignal/appsignal-javascript/commit/104739094e76594109a0cecb6da806eb9cb8c974) patch - Warn about Push API key being committed in the AppSignal config file and recommend using system environment variables instead.
+
 ## 1.2.7
@@ -4,0 +12,0 @@

dist/installers/node/index.js

@@ -76,3 +76,3 @@ "use strict";
     return __awaiter(this, void 0, void 0, function () {
-        var _a, pushApiKey, name, isUsingYarn, method, filename, overwrite, configExists, useConfigFile;
+        var _a, pushApiKey, name, isUsingYarn, method, filename, overwrite, configExists, useConfigFile, pushApiKeyConfig;
         return __generator(this, function (_b) {
@@ -148,2 +148,10 @@ switch (_b.label) {
                         console.log("Writing ".concat(filename, " configuration file."));
+                        pushApiKeyConfig = "";
+                        if (useConfigFile) {
+                            pushApiKeyConfig =
+                                "  // Your app's AppSignal Push API key. We don't recommend committing this key.\n" +
+                                    "  // Set the Push API key using a system environment variable.\n" +
+                                    "  // pushApiKey: process.env.APPSIGNAL_PUSH_API_KEY,\n" +
+                                    "  pushApiKey: \"".concat(pushApiKey, "\",\n");
+                        }
                         fs.writeFileSync(path.join(dir, filename), "const { Appsignal } = require(\"@appsignal/nodejs\");\n\n" +
@@ -153,3 +161,3 @@ "new Appsignal({\n" +
                             "  name: \"".concat(name, "\",\n") +
-                            (useConfigFile ? "  pushApiKey: \"".concat(pushApiKey, "\",\n") : "") +
+                            pushApiKeyConfig +
                             "});\n");
@@ -156,0 +164,0 @@ }

package.json

 {
   "name": "@appsignal/cli",
-  "version": "1.2.7",
+  "version": "1.2.8",
   "main": "./dist/index",
@@ -5,0 +5,0 @@ "repository": {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

58061

increased by5.1%

Number of package files

36

increased by12.5%

Lines of code

550

increased by3.77%

Worsened metrics

Number of low supply chain risk alerts

14

increased by7.69%

No dependency changes