New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@cap-js/cds-types
Advanced tools
@cap-js/cds-types - npm Package Compare versions
Comparing version 0.6.4 to 0.6.5
| { | ||
| "name": "@cap-js/cds-types", | ||
| "version": "0.6.4", | ||
| "version": "0.6.5", | ||
| "description": "Type definitions for main packages of CAP, like `@sap/cds`", | ||
@@ -23,3 +23,3 @@ "repository": "github:cap-js/cds-types", | ||
| "test": "jest --silent", | ||
| "test:integration": "jest --silent --testMatch \"**/test/**/*.integrationtest.js\"", | ||
| "test:integration": "jest --testMatch \"**/test/**/*.integrationtest.js\"", | ||
| "test:rollup": "npm run rollup; npm run rollup:on; npm run test; npm run rollup:off", | ||
@@ -47,3 +47,3 @@ "rollup": "rm -rf dist/ && mkdir -p etc/ && npx -y @microsoft/api-extractor run --local --verbose && .github/rollup-patch.js", | ||
| "@types/jest": "^29.5.11", | ||
| "@types/node": "^20", | ||
| "@types/node": "^22", | ||
| "axios": "^1.6.2", | ||
@@ -50,0 +50,0 @@ "chai": "^4.3.10", |
@@ -6,15 +6,16 @@ #!/usr/bin/env node | ||
| const fs = require('node:fs') | ||
| const { join, relative, dirname } = require('node:path') | ||
| const { join, relative, dirname, resolve } = require('node:path') | ||
| if (!process.env.INIT_CWD) return | ||
| // TODO: check if were in a local install | ||
| const nodeModules = join(process.env.INIT_CWD, 'node_modules') | ||
| if (!fs.existsSync(nodeModules)) return | ||
| const typesDir = join(nodeModules, '@types') | ||
| if (!fs.existsSync(typesDir)) fs.mkdirSync(typesDir) | ||
| // we may have to create node_modules altogether in case of a mono repo | ||
| if (!fs.existsSync(typesDir)) fs.mkdirSync(typesDir, {recursive: true}) | ||
| // use a relative target, in case the user moves the project | ||
| const target = join(typesDir, 'sap__cds') | ||
| const src = join(nodeModules, '@cap-js/cds-types') | ||
| const src = resolvePkg('@cap-js/cds-types') ?? join(nodeModules, '@cap-js/cds-types') | ||
| const rel = relative(dirname(target), src) // need dirname or we'd land one level above node_modules (one too many "../") | ||
| console.log(`Creating symlink ${target} -> ${rel}`) | ||
@@ -35,1 +36,10 @@ // remove the existing symlink | ||
| } | ||
| function resolvePkg(pkg) { | ||
| try { | ||
| const pjson = require.resolve(join(pkg, 'package.json'), { paths: [process.env.INIT_CWD] }) | ||
| return resolve(pjson, '..') | ||
| } catch { | ||
| return null | ||
| } | ||
| } |
New alerts
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.3%
104847
- Lines of code
- increased by0.32%
2500
Worsened metrics
- Number of low supply chain risk alerts
- increased by66.67%
5
No dependency changes