@contrast/require-hook - npm Package Compare versions

Comparing version 2.0.10 to 2.0.11

lib/export-handler-registry.js

@@ -7,2 +7,3 @@ 'use strict';
 const { getShortname } = require('./helpers');
+const fs = require('fs');
 
@@ -226,2 +227,11 @@ const PackageFinder = require('./package-finder');
   /**
+   * Returns true if the file exists and false if it doesn't.
+   * @param {string}
+   * @return {Boolean}
+   */
+  doesFileExist(filename) {
+    return fs.existsSync(filename);
+  }
+
+  /**
    * Iterates all descriptors pertaining to the currently-loading export. It
@@ -238,3 +248,4 @@ * builds into the set of resolved paths the metadata and handlers for each
    */
-  buildFromRegistry({ request, metadata, parent, registered }) {
+  // eslint-disable-next-line complexity
+  buildFromRegistry({ request, metadata, registered }) {
     const fileHandlers = {};
@@ -257,13 +268,14 @@
       if (info.file) {
-        let relativeFile = request;
-        if (request !== `${metadata.name}/${info.file}`) {
-          relativeFile = `${request}/${info.file}`;
+        const absoluteFile = path.resolve(
+          metadata.packageDir || '',
+          info.file.endsWith('.js') ? info.file : `${info.file}.js`
+        );
+
+        if (!this.doesFileExist(absoluteFile)) {
+          this.logger.trace(`Unable to resolve file ${absoluteFile}`);
+
+          continue;
         }
 
         try {
-          const absoluteFile = this.resolveFilename(
-            relativeFile,
-            parent,
-            false
-          );
           addNonDuplicatedHandlers(fileHandlers, absoluteFile, {
@@ -280,11 +292,9 @@ metadata,
         } catch (error) {
-          if (error.code === 'MODULE_NOT_FOUND') {
-            this.logger.trace(`cannot resolve relative file ${relativeFile}`);
-          } else {
-            this.logger.warn(error);
-          }
+          this.logger.warn(error);
         }
-      } else {
-        addNonDuplicatedHandlers(fileHandlers, request, { metadata, handlers });
+
+        continue;
       }
+
+      addNonDuplicatedHandlers(fileHandlers, request, { metadata, handlers });
     }
@@ -291,0 +301,0 @@

lib/require-hook.js

@@ -34,4 +34,2 @@ 'use strict';
     this.resets = new Set();
-
-    this.install();
   }
@@ -38,0 +36,0 @@

package.json

 {
   "name": "@contrast/require-hook",
-  "version": "2.0.10",
+  "version": "2.0.11",
   "description": "Post hooks for Module.prototype.require",
@@ -5,0 +5,0 @@ "main": "lib/index.js",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Deprecated

Maintenance

The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

26605

increased by0.34%

Lines of code

632

increased by0.64%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Number of medium maintenance alerts

1

increased byInfinity%

Number of low supply chain risk alerts

5

increased by25%

No dependency changes