@aws-cdk-testing/cli-integ - npm Package Compare versions

Comparing version 3.29.0 to 3.29.1

resources/cdk-apps/nested-stack-with-fn-join-export/app.js

+const cdk = require('aws-cdk-lib');
+const { aws_cloudformation: cfn, aws_sns: sns, aws_ssm: ssm } = cdk;
+
+/**
+ * Reproduces https://t.corp.amazon.com/D423570178
+ *
+ * When IncludeNestedStacks is true, CloudFormation validates all nested stacks
+ * together. Export names using Fn::Join with a runtime reference get collapsed
+ * to the placeholder {{IntrinsicFunction://Fn::Join}}, causing a false
+ * "duplicate Export names" error when 2+ such exports exist across nested stacks.
+ */
+
+class NestedStackWithFnJoinExports extends cfn.NestedStack {
+  constructor(scope, id, props) {
+    super(scope, id, props);
+    const topic = new sns.Topic(this, 'Topic');
+    new cdk.CfnOutput(this, 'ExportArn', {
+      value: topic.topicArn,
+      exportName: cdk.Fn.join(':', [props.runtimeRef, 'GetAtt', id, 'Arn']),
+    });
+    new cdk.CfnOutput(this, 'ExportName', {
+      value: topic.topicName,
+      exportName: cdk.Fn.join(':', [props.runtimeRef, 'GetAtt', id, 'Name']),
+    });
+  }
+}
+
+class NestedStacksFnJoinExportStack extends cdk.Stack {
+  constructor(scope, id, props) {
+    super(scope, id, props);
+    // SSM parameter name is a runtime reference (not known at validation time)
+    const param = new ssm.StringParameter(this, 'Param', { stringValue: 'value' });
+    new NestedStackWithFnJoinExports(this, 'Nested1', { runtimeRef: param.parameterName });
+    new NestedStackWithFnJoinExports(this, 'Nested2', { runtimeRef: param.parameterName });
+  }
+}
+
+const app = new cdk.App();
+
+const stackPrefix = process.env.STACK_NAME_PREFIX;
+if (!stackPrefix) {
+  throw new Error('the STACK_NAME_PREFIX environment variable is required');
+}
+
+new NestedStacksFnJoinExportStack(app, `${stackPrefix}-nested-stacks-fn-join-export`);
+app.synth();

resources/cdk-apps/nested-stack-with-fn-join-export/cdk.json

+{
+  "app": "node app.js",
+  "versionReporting": false,
+  "context": {
+    "aws-cdk:enableDiffNoFail": "true"
+  }
+}

tests/cli-integ-te...acks-with-fn-join-export.integtest.d.ts

+export {};

tests/cli-integ-te...stacks-with-fn-join-export.integtest.js

+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const lib_1 = require("../../../lib");
+(0, lib_1.integTest)('deploy nested stacks with Fn::Join export names', (0, lib_1.withSpecificFixture)('nested-stack-with-fn-join-export', async (fixture) => {
+    // This should succeed. With IncludeNestedStacks:true, CloudFormation
+    // incorrectly reports duplicate export names when multiple nested stacks
+    // use Fn::Join with the same runtime reference to build export names.
+    await fixture.cdkDeploy('nested-stacks-fn-join-export', { captureStderr: false });
+}));
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2RrLWRlcGxveS1uZXN0ZWQtc3RhY2tzLXdpdGgtZm4tam9pbi1leHBvcnQuaW50ZWd0ZXN0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiY2RrLWRlcGxveS1uZXN0ZWQtc3RhY2tzLXdpdGgtZm4tam9pbi1leHBvcnQuaW50ZWd0ZXN0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEsc0NBQThEO0FBRTlELElBQUEsZUFBUyxFQUNQLGlEQUFpRCxFQUNqRCxJQUFBLHlCQUFtQixFQUFDLGtDQUFrQyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtJQUN4RSxxRUFBcUU7SUFDckUseUVBQXlFO0lBQ3pFLHNFQUFzRTtJQUN0RSxNQUFNLE9BQU8sQ0FBQyxTQUFTLENBQUMsOEJBQThCLEVBQUUsRUFBRSxhQUFhLEVBQUUsS0FBSyxFQUFFLENBQUMsQ0FBQztBQUNwRixDQUFDLENBQUMsQ0FDSCxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgaW50ZWdUZXN0LCB3aXRoU3BlY2lmaWNGaXh0dXJlIH0gZnJvbSAnLi4vLi4vLi4vbGliJztcblxuaW50ZWdUZXN0KFxuICAnZGVwbG95IG5lc3RlZCBzdGFja3Mgd2l0aCBGbjo6Sm9pbiBleHBvcnQgbmFtZXMnLFxuICB3aXRoU3BlY2lmaWNGaXh0dXJlKCduZXN0ZWQtc3RhY2std2l0aC1mbi1qb2luLWV4cG9ydCcsIGFzeW5jIChmaXh0dXJlKSA9PiB7XG4gICAgLy8gVGhpcyBzaG91bGQgc3VjY2VlZC4gV2l0aCBJbmNsdWRlTmVzdGVkU3RhY2tzOnRydWUsIENsb3VkRm9ybWF0aW9uXG4gICAgLy8gaW5jb3JyZWN0bHkgcmVwb3J0cyBkdXBsaWNhdGUgZXhwb3J0IG5hbWVzIHdoZW4gbXVsdGlwbGUgbmVzdGVkIHN0YWNrc1xuICAgIC8vIHVzZSBGbjo6Sm9pbiB3aXRoIHRoZSBzYW1lIHJ1bnRpbWUgcmVmZXJlbmNlIHRvIGJ1aWxkIGV4cG9ydCBuYW1lcy5cbiAgICBhd2FpdCBmaXh0dXJlLmNka0RlcGxveSgnbmVzdGVkLXN0YWNrcy1mbi1qb2luLWV4cG9ydCcsIHsgY2FwdHVyZVN0ZGVycjogZmFsc2UgfSk7XG4gIH0pLFxuKTtcbiJdfQ==

package.json

@@ -42,3 +42,3 @@ {
   "devDependencies": {
-    "@aws-cdk/toolkit-lib": "1.21.0",
+    "@aws-cdk/toolkit-lib": "1.21.1",
     "@aws-cdk/yarn-cling": "0.0.0",
@@ -119,5 +119,5 @@ "@cdklabs/eslint-plugin": "^1.5.9",
   },
-  "version": "3.29.0",
+  "version": "3.29.1",
   "types": "lib/index.d.ts",
   "//": "~~ Generated by projen. To modify, edit .projenrc.js and run \"npx projen\"."
 }

tests/cli-integ-te...-updates-for-nested-stacks.integtest.js

@@ -6,5 +6,5 @@ "use strict";
 (0, lib_1.integTest)('deploy skips unnecessary updates for nested stacks', (0, lib_1.withDefaultFixture)(async (fixture) => {
-    // Deploy a stack with nested stacks. With IncludeNestedStacks, CloudFormation
-    // can accurately detect whether nested stacks have actual changes, rather than
-    // always reporting them as needing an update.
+    // we are using a stack with a nested stack because CFN will always attempt to
+    // update a nested stack, which will allow us to verify that updates are actually
+    // skipped unless --force is specified.
     const stackArn = await fixture.cdkDeploy('with-nested-stack', { captureStderr: false });
@@ -16,9 +16,6 @@ const changeSet1 = await getLatestChangeSet();
     expect(changeSet2.ChangeSetId).toEqual(changeSet1.ChangeSetId);
-    // Deploy the stack again with --force. CloudFormation creates a changeset but
-    // accurately reports no changes (including in nested stacks), so the changeset
-    // is not executed and the stack's ChangeSetId remains the same.
-    const forceOutput = await fixture.cdk(fixture.cdkDeployCommandLine('with-nested-stack', { options: ['--force'] }));
-    expect(forceOutput).toContain('CloudFormation reported that the deployment would not make any changes');
+    // Deploy the stack again with --force, now we should create a changeset
+    await fixture.cdkDeploy('with-nested-stack', { options: ['--force'] });
     const changeSet3 = await getLatestChangeSet();
-    expect(changeSet3.ChangeSetId).toEqual(changeSet2.ChangeSetId);
+    expect(changeSet3.ChangeSetId).not.toEqual(changeSet2.ChangeSetId);
     // Deploy the stack again with tags, expected to create a new changeset
@@ -38,2 +35,2 @@ // even though the resources didn't change.
 }));
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2RrLWRlcGxveS1za2lwcy11bm5lY2Vzc2FyeS11cGRhdGVzLWZvci1uZXN0ZWQtc3RhY2tzLmludGVndGVzdC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbImNkay1kZXBsb3ktc2tpcHMtdW5uZWNlc3NhcnktdXBkYXRlcy1mb3ItbmVzdGVkLXN0YWNrcy5pbnRlZ3Rlc3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFBQSwwRUFBdUU7QUFDdkUsc0NBQTZEO0FBRTdELElBQUEsZUFBUyxFQUNQLG9EQUFvRCxFQUNwRCxJQUFBLHdCQUFrQixFQUFDLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtJQUNuQyw4RUFBOEU7SUFDOUUsK0VBQStFO0lBQy9FLDhDQUE4QztJQUM5QyxNQUFNLFFBQVEsR0FBRyxNQUFNLE9BQU8sQ0FBQyxTQUFTLENBQUMsbUJBQW1CLEVBQUUsRUFBRSxhQUFhLEVBQUUsS0FBSyxFQUFFLENBQUMsQ0FBQztJQUN4RixNQUFNLFVBQVUsR0FBRyxNQUFNLGtCQUFrQixFQUFFLENBQUM7SUFFOUMseUVBQXlFO0lBQ3pFLE1BQU0sT0FBTyxDQUFDLFNBQVMsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO0lBQzdDLE1BQU0sVUFBVSxHQUFHLE1BQU0sa0JBQWtCLEVBQUUsQ0FBQztJQUM5QyxNQUFNLENBQUMsVUFBVSxDQUFDLFdBQVcsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsV0FBVyxDQUFDLENBQUM7SUFFL0QsOEVBQThFO0lBQzlFLCtFQUErRTtJQUMvRSxnRUFBZ0U7SUFDaEUsTUFBTSxXQUFXLEdBQUcsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUNuQyxPQUFPLENBQUMsb0JBQW9CLENBQUMsbUJBQW1CLEVBQUUsRUFBRSxPQUFPLEVBQUUsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDLENBQzVFLENBQUM7SUFDRixNQUFNLENBQUMsV0FBVyxDQUFDLENBQUMsU0FBUyxDQUFDLHdFQUF3RSxDQUFDLENBQUM7SUFDeEcsTUFBTSxVQUFVLEdBQUcsTUFBTSxrQkFBa0IsRUFBRSxDQUFDO0lBQzlDLE1BQU0sQ0FBQyxVQUFVLENBQUMsV0FBVyxDQUFDLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUUvRCx1RUFBdUU7SUFDdkUsMkNBQTJDO0lBQzNDLE1BQU0sT0FBTyxDQUFDLFNBQVMsQ0FBQyxtQkFBbUIsRUFBRSxFQUFFLE9BQU8sRUFBRSxDQUFDLFFBQVEsRUFBRSxXQUFXLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDbkYsTUFBTSxVQUFVLEdBQUcsTUFBTSxrQkFBa0IsRUFBRSxDQUFDO0lBQzlDLE1BQU0sQ0FBQyxVQUFVLENBQUMsV0FBVyxDQUFDLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsV0FBVyxDQUFDLENBQUM7SUFFbkUsS0FBSyxVQUFVLGtCQUFrQjtRQUMvQixNQUFNLFFBQVEsR0FBRyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxJQUFJLDZDQUFxQixDQUFDLEVBQUUsU0FBUyxFQUFFLFFBQVEsRUFBRSxDQUFDLENBQUMsQ0FBQztRQUMzRyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7WUFDMUIsTUFBTSxJQUFJLEtBQUssQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFDO1FBQ3BELENBQUM7UUFDRCxPQUFPLENBQUMsR0FBRyxDQUFDLG9CQUFvQixRQUFRLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsV0FBVyxFQUFFLENBQUMsQ0FBQztRQUNwRSxPQUFPLFFBQVEsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUM5QixDQUFDO0FBQ0gsQ0FBQyxDQUFDLENBQ0gsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IERlc2NyaWJlU3RhY2tzQ29tbWFuZCB9IGZyb20gJ0Bhd3Mtc2RrL2NsaWVudC1jbG91ZGZvcm1hdGlvbic7XG5pbXBvcnQgeyBpbnRlZ1Rlc3QsIHdpdGhEZWZhdWx0Rml4dHVyZSB9IGZyb20gJy4uLy4uLy4uL2xpYic7XG5cbmludGVnVGVzdChcbiAgJ2RlcGxveSBza2lwcyB1bm5lY2Vzc2FyeSB1cGRhdGVzIGZvciBuZXN0ZWQgc3RhY2tzJyxcbiAgd2l0aERlZmF1bHRGaXh0dXJlKGFzeW5jIChmaXh0dXJlKSA9PiB7XG4gICAgLy8gRGVwbG95IGEgc3RhY2sgd2l0aCBuZXN0ZWQgc3RhY2tzLiBXaXRoIEluY2x1ZGVOZXN0ZWRTdGFja3MsIENsb3VkRm9ybWF0aW9uXG4gICAgLy8gY2FuIGFjY3VyYXRlbHkgZGV0ZWN0IHdoZXRoZXIgbmVzdGVkIHN0YWNrcyBoYXZlIGFjdHVhbCBjaGFuZ2VzLCByYXRoZXIgdGhhblxuICAgIC8vIGFsd2F5cyByZXBvcnRpbmcgdGhlbSBhcyBuZWVkaW5nIGFuIHVwZGF0ZS5cbiAgICBjb25zdCBzdGFja0FybiA9IGF3YWl0IGZpeHR1cmUuY2RrRGVwbG95KCd3aXRoLW5lc3RlZC1zdGFjaycsIHsgY2FwdHVyZVN0ZGVycjogZmFsc2UgfSk7XG4gICAgY29uc3QgY2hhbmdlU2V0MSA9IGF3YWl0IGdldExhdGVzdENoYW5nZVNldCgpO1xuXG4gICAgLy8gRGVwbG95IHRoZSBzYW1lIHN0YWNrIGFnYWluLCB0aGVyZSBzaG91bGQgYmUgbm8gbmV3IGNoYW5nZSBzZXQgY3JlYXRlZFxuICAgIGF3YWl0IGZpeHR1cmUuY2RrRGVwbG95KCd3aXRoLW5lc3RlZC1zdGFjaycpO1xuICAgIGNvbnN0IGNoYW5nZVNldDIgPSBhd2FpdCBnZXRMYXRlc3RDaGFuZ2VTZXQoKTtcbiAgICBleHBlY3QoY2hhbmdlU2V0Mi5DaGFuZ2VTZXRJZCkudG9FcXVhbChjaGFuZ2VTZXQxLkNoYW5nZVNldElkKTtcblxuICAgIC8vIERlcGxveSB0aGUgc3RhY2sgYWdhaW4gd2l0aCAtLWZvcmNlLiBDbG91ZEZvcm1hdGlvbiBjcmVhdGVzIGEgY2hhbmdlc2V0IGJ1dFxuICAgIC8vIGFjY3VyYXRlbHkgcmVwb3J0cyBubyBjaGFuZ2VzIChpbmNsdWRpbmcgaW4gbmVzdGVkIHN0YWNrcyksIHNvIHRoZSBjaGFuZ2VzZXRcbiAgICAvLyBpcyBub3QgZXhlY3V0ZWQgYW5kIHRoZSBzdGFjaydzIENoYW5nZVNldElkIHJlbWFpbnMgdGhlIHNhbWUuXG4gICAgY29uc3QgZm9yY2VPdXRwdXQgPSBhd2FpdCBmaXh0dXJlLmNkayhcbiAgICAgIGZpeHR1cmUuY2RrRGVwbG95Q29tbWFuZExpbmUoJ3dpdGgtbmVzdGVkLXN0YWNrJywgeyBvcHRpb25zOiBbJy0tZm9yY2UnXSB9KSxcbiAgICApO1xuICAgIGV4cGVjdChmb3JjZU91dHB1dCkudG9Db250YWluKCdDbG91ZEZvcm1hdGlvbiByZXBvcnRlZCB0aGF0IHRoZSBkZXBsb3ltZW50IHdvdWxkIG5vdCBtYWtlIGFueSBjaGFuZ2VzJyk7XG4gICAgY29uc3QgY2hhbmdlU2V0MyA9IGF3YWl0IGdldExhdGVzdENoYW5nZVNldCgpO1xuICAgIGV4cGVjdChjaGFuZ2VTZXQzLkNoYW5nZVNldElkKS50b0VxdWFsKGNoYW5nZVNldDIuQ2hhbmdlU2V0SWQpO1xuXG4gICAgLy8gRGVwbG95IHRoZSBzdGFjayBhZ2FpbiB3aXRoIHRhZ3MsIGV4cGVjdGVkIHRvIGNyZWF0ZSBhIG5ldyBjaGFuZ2VzZXRcbiAgICAvLyBldmVuIHRob3VnaCB0aGUgcmVzb3VyY2VzIGRpZG4ndCBjaGFuZ2UuXG4gICAgYXdhaXQgZml4dHVyZS5jZGtEZXBsb3koJ3dpdGgtbmVzdGVkLXN0YWNrJywgeyBvcHRpb25zOiBbJy0tdGFncycsICdrZXk9dmFsdWUnXSB9KTtcbiAgICBjb25zdCBjaGFuZ2VTZXQ0ID0gYXdhaXQgZ2V0TGF0ZXN0Q2hhbmdlU2V0KCk7XG4gICAgZXhwZWN0KGNoYW5nZVNldDQuQ2hhbmdlU2V0SWQpLm5vdC50b0VxdWFsKGNoYW5nZVNldDMuQ2hhbmdlU2V0SWQpO1xuXG4gICAgYXN5bmMgZnVuY3Rpb24gZ2V0TGF0ZXN0Q2hhbmdlU2V0KCkge1xuICAgICAgY29uc3QgcmVzcG9uc2UgPSBhd2FpdCBmaXh0dXJlLmF3cy5jbG91ZEZvcm1hdGlvbi5zZW5kKG5ldyBEZXNjcmliZVN0YWNrc0NvbW1hbmQoeyBTdGFja05hbWU6IHN0YWNrQXJuIH0pKTtcbiAgICAgIGlmICghcmVzcG9uc2UuU3RhY2tzPy5bMF0pIHtcbiAgICAgICAgdGhyb3cgbmV3IEVycm9yKCdEaWQgbm90IGdldCBhIENoYW5nZVNldCBhdCBhbGwnKTtcbiAgICAgIH1cbiAgICAgIGZpeHR1cmUubG9nKGBGb3VuZCBDaGFuZ2UgU2V0ICR7cmVzcG9uc2UuU3RhY2tzPy5bMF0uQ2hhbmdlU2V0SWR9YCk7XG4gICAgICByZXR1cm4gcmVzcG9uc2UuU3RhY2tzPy5bMF07XG4gICAgfVxuICB9KSxcbik7XG4iXX0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2RrLWRlcGxveS1za2lwcy11bm5lY2Vzc2FyeS11cGRhdGVzLWZvci1uZXN0ZWQtc3RhY2tzLmludGVndGVzdC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbImNkay1kZXBsb3ktc2tpcHMtdW5uZWNlc3NhcnktdXBkYXRlcy1mb3ItbmVzdGVkLXN0YWNrcy5pbnRlZ3Rlc3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFBQSwwRUFBdUU7QUFDdkUsc0NBQTZEO0FBRTdELElBQUEsZUFBUyxFQUNQLG9EQUFvRCxFQUNwRCxJQUFBLHdCQUFrQixFQUFDLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtJQUNuQyw4RUFBOEU7SUFDOUUsaUZBQWlGO0lBQ2pGLHVDQUF1QztJQUN2QyxNQUFNLFFBQVEsR0FBRyxNQUFNLE9BQU8sQ0FBQyxTQUFTLENBQUMsbUJBQW1CLEVBQUUsRUFBRSxhQUFhLEVBQUUsS0FBSyxFQUFFLENBQUMsQ0FBQztJQUN4RixNQUFNLFVBQVUsR0FBRyxNQUFNLGtCQUFrQixFQUFFLENBQUM7SUFFOUMseUVBQXlFO0lBQ3pFLE1BQU0sT0FBTyxDQUFDLFNBQVMsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO0lBQzdDLE1BQU0sVUFBVSxHQUFHLE1BQU0sa0JBQWtCLEVBQUUsQ0FBQztJQUM5QyxNQUFNLENBQUMsVUFBVSxDQUFDLFdBQVcsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsV0FBVyxDQUFDLENBQUM7SUFFL0Qsd0VBQXdFO0lBQ3hFLE1BQU0sT0FBTyxDQUFDLFNBQVMsQ0FBQyxtQkFBbUIsRUFBRSxFQUFFLE9BQU8sRUFBRSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUN2RSxNQUFNLFVBQVUsR0FBRyxNQUFNLGtCQUFrQixFQUFFLENBQUM7SUFDOUMsTUFBTSxDQUFDLFVBQVUsQ0FBQyxXQUFXLENBQUMsQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUVuRSx1RUFBdUU7SUFDdkUsMkNBQTJDO0lBQzNDLE1BQU0sT0FBTyxDQUFDLFNBQVMsQ0FBQyxtQkFBbUIsRUFBRSxFQUFFLE9BQU8sRUFBRSxDQUFDLFFBQVEsRUFBRSxXQUFXLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDbkYsTUFBTSxVQUFVLEdBQUcsTUFBTSxrQkFBa0IsRUFBRSxDQUFDO0lBQzlDLE1BQU0sQ0FBQyxVQUFVLENBQUMsV0FBVyxDQUFDLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsV0FBVyxDQUFDLENBQUM7SUFFbkUsS0FBSyxVQUFVLGtCQUFrQjtRQUMvQixNQUFNLFFBQVEsR0FBRyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxJQUFJLDZDQUFxQixDQUFDLEVBQUUsU0FBUyxFQUFFLFFBQVEsRUFBRSxDQUFDLENBQUMsQ0FBQztRQUMzRyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7WUFDMUIsTUFBTSxJQUFJLEtBQUssQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFDO1FBQ3BELENBQUM7UUFDRCxPQUFPLENBQUMsR0FBRyxDQUFDLG9CQUFvQixRQUFRLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsV0FBVyxFQUFFLENBQUMsQ0FBQztRQUNwRSxPQUFPLFFBQVEsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUM5QixDQUFDO0FBQ0gsQ0FBQyxDQUFDLENBQ0gsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IERlc2NyaWJlU3RhY2tzQ29tbWFuZCB9IGZyb20gJ0Bhd3Mtc2RrL2NsaWVudC1jbG91ZGZvcm1hdGlvbic7XG5pbXBvcnQgeyBpbnRlZ1Rlc3QsIHdpdGhEZWZhdWx0Rml4dHVyZSB9IGZyb20gJy4uLy4uLy4uL2xpYic7XG5cbmludGVnVGVzdChcbiAgJ2RlcGxveSBza2lwcyB1bm5lY2Vzc2FyeSB1cGRhdGVzIGZvciBuZXN0ZWQgc3RhY2tzJyxcbiAgd2l0aERlZmF1bHRGaXh0dXJlKGFzeW5jIChmaXh0dXJlKSA9PiB7XG4gICAgLy8gd2UgYXJlIHVzaW5nIGEgc3RhY2sgd2l0aCBhIG5lc3RlZCBzdGFjayBiZWNhdXNlIENGTiB3aWxsIGFsd2F5cyBhdHRlbXB0IHRvXG4gICAgLy8gdXBkYXRlIGEgbmVzdGVkIHN0YWNrLCB3aGljaCB3aWxsIGFsbG93IHVzIHRvIHZlcmlmeSB0aGF0IHVwZGF0ZXMgYXJlIGFjdHVhbGx5XG4gICAgLy8gc2tpcHBlZCB1bmxlc3MgLS1mb3JjZSBpcyBzcGVjaWZpZWQuXG4gICAgY29uc3Qgc3RhY2tBcm4gPSBhd2FpdCBmaXh0dXJlLmNka0RlcGxveSgnd2l0aC1uZXN0ZWQtc3RhY2snLCB7IGNhcHR1cmVTdGRlcnI6IGZhbHNlIH0pO1xuICAgIGNvbnN0IGNoYW5nZVNldDEgPSBhd2FpdCBnZXRMYXRlc3RDaGFuZ2VTZXQoKTtcblxuICAgIC8vIERlcGxveSB0aGUgc2FtZSBzdGFjayBhZ2FpbiwgdGhlcmUgc2hvdWxkIGJlIG5vIG5ldyBjaGFuZ2Ugc2V0IGNyZWF0ZWRcbiAgICBhd2FpdCBmaXh0dXJlLmNka0RlcGxveSgnd2l0aC1uZXN0ZWQtc3RhY2snKTtcbiAgICBjb25zdCBjaGFuZ2VTZXQyID0gYXdhaXQgZ2V0TGF0ZXN0Q2hhbmdlU2V0KCk7XG4gICAgZXhwZWN0KGNoYW5nZVNldDIuQ2hhbmdlU2V0SWQpLnRvRXF1YWwoY2hhbmdlU2V0MS5DaGFuZ2VTZXRJZCk7XG5cbiAgICAvLyBEZXBsb3kgdGhlIHN0YWNrIGFnYWluIHdpdGggLS1mb3JjZSwgbm93IHdlIHNob3VsZCBjcmVhdGUgYSBjaGFuZ2VzZXRcbiAgICBhd2FpdCBmaXh0dXJlLmNka0RlcGxveSgnd2l0aC1uZXN0ZWQtc3RhY2snLCB7IG9wdGlvbnM6IFsnLS1mb3JjZSddIH0pO1xuICAgIGNvbnN0IGNoYW5nZVNldDMgPSBhd2FpdCBnZXRMYXRlc3RDaGFuZ2VTZXQoKTtcbiAgICBleHBlY3QoY2hhbmdlU2V0My5DaGFuZ2VTZXRJZCkubm90LnRvRXF1YWwoY2hhbmdlU2V0Mi5DaGFuZ2VTZXRJZCk7XG5cbiAgICAvLyBEZXBsb3kgdGhlIHN0YWNrIGFnYWluIHdpdGggdGFncywgZXhwZWN0ZWQgdG8gY3JlYXRlIGEgbmV3IGNoYW5nZXNldFxuICAgIC8vIGV2ZW4gdGhvdWdoIHRoZSByZXNvdXJjZXMgZGlkbid0IGNoYW5nZS5cbiAgICBhd2FpdCBmaXh0dXJlLmNka0RlcGxveSgnd2l0aC1uZXN0ZWQtc3RhY2snLCB7IG9wdGlvbnM6IFsnLS10YWdzJywgJ2tleT12YWx1ZSddIH0pO1xuICAgIGNvbnN0IGNoYW5nZVNldDQgPSBhd2FpdCBnZXRMYXRlc3RDaGFuZ2VTZXQoKTtcbiAgICBleHBlY3QoY2hhbmdlU2V0NC5DaGFuZ2VTZXRJZCkubm90LnRvRXF1YWwoY2hhbmdlU2V0My5DaGFuZ2VTZXRJZCk7XG5cbiAgICBhc3luYyBmdW5jdGlvbiBnZXRMYXRlc3RDaGFuZ2VTZXQoKSB7XG4gICAgICBjb25zdCByZXNwb25zZSA9IGF3YWl0IGZpeHR1cmUuYXdzLmNsb3VkRm9ybWF0aW9uLnNlbmQobmV3IERlc2NyaWJlU3RhY2tzQ29tbWFuZCh7IFN0YWNrTmFtZTogc3RhY2tBcm4gfSkpO1xuICAgICAgaWYgKCFyZXNwb25zZS5TdGFja3M/LlswXSkge1xuICAgICAgICB0aHJvdyBuZXcgRXJyb3IoJ0RpZCBub3QgZ2V0IGEgQ2hhbmdlU2V0IGF0IGFsbCcpO1xuICAgICAgfVxuICAgICAgZml4dHVyZS5sb2coYEZvdW5kIENoYW5nZSBTZXQgJHtyZXNwb25zZS5TdGFja3M/LlswXS5DaGFuZ2VTZXRJZH1gKTtcbiAgICAgIHJldHVybiByZXNwb25zZS5TdGFja3M/LlswXTtcbiAgICB9XG4gIH0pLFxuKTtcbiJdfQ==

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 79 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 3 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 79 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 3 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

2615671

0.11%

Number of package files

631

0.64%

Lines of code

24548

0.22%

Worsened metrics

Number of low supply chain risk alerts

262

0.38%

No dependency changes