@architect/plugin-bundles - npm Package Compare versions

Comparing version 3.0.4 to 3.0.5

package.json

 {
   "name": "@architect/plugin-bundles",
-  "version": "3.0.4",
+  "version": "3.0.5",
   "description": "plugin-bundles Plugin for exposing bundled modules to the browser from your Architect project.",
@@ -5,0 +5,0 @@ "main": "src/plugins/bundles/index.js",

README.md

@@ -1,2 +0,2 @@
-`plugin-bundles
+# `plugin-bundles`
 Plugin for exposing bundled modules to the browser from your Architect project.
@@ -27,5 +27,6 @@
 yolo /lib/yolo.mjs
-``
+```
 
 Bundles are will now be available at `/_static/bundles/yolo.mjs`
-[If you have fingerprinting turned on then you can use `static.json` to look up the fingerprinted file name.](https://arc.codes/docs/en/guides/frontend/static-assets#fingerprint)
+
+>  🙌 [Turn fingerprinting on and use `static.json` to retrieve the fingerprinted file name.](https://arc.codes/docs/en/guides/frontend/static-assets#fingerprint)

src/plugins/bundles/index.js

 const path = require('path')
 const { build } = require('esbuild')
-const fs = require('fs')
 
@@ -24,4 +23,3 @@ const sandbox = {
 async function verify (arc) {
-  if (Array.isArray(arc.bundles) === false)
-    throw Error('missing or invalid @bundles pragma')
+  if (!arc.bundles) return
   for (let tuple of arc.bundles) {
@@ -47,2 +45,3 @@ if (Array.isArray(tuple)) {
 async function bundle (arc, inventory) {
+  if (!arc.bundles) return
   const pathToStatic = path.join(inventory._project.cwd, inventory?.static?.folder || 'public')
@@ -62,8 +61,4 @@ const pathToStaticBundles = path.join(pathToStatic, 'bundles')
   }
-  fs.writeFileSync(
-    path.join(pathToStatic, '.gitignore'),
-    'bundles'
-  )
 }
 
 module.exports = { sandbox, deploy }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Number of lines in readme file

32

increased by3.23%

Number of low supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

14843

decreased by-1.06%

Lines of code

56

decreased by-8.2%

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes