@dekkai/env - npm Package Compare versions

Comparing version 1.0.1 to 1.1.0

build/dist/mod.js

@@ -39,3 +39,3 @@ /**
     try {
-        import(`${null}`).catch(() => false);
+        import(/* webpackIgnore: true */ `${null}`).catch(() => false);
         return true;
@@ -58,2 +58,4 @@ }
 }
+// eslint-disable-next-line no-new-func
+const requireFunc = new Function('mod', 'return require(mod)');
 /**
@@ -65,9 +67,10 @@ * Detects the environment and loads a module using either `require` or `import`.
     if (kSupportsDynamicImport) {
-        return await import(mod.toString());
+        return await import(/* webpackIgnore: true */ mod.toString());
     }
     else if (isNodeJS()) {
-        return typeof module !== 'undefined' && typeof module.require === 'function' && module.require(mod.toString()) ||
-            // eslint-disable-next-line camelcase
-            typeof __non_webpack_require__ === 'function' && __non_webpack_require__(mod.toString()) ||
-            typeof require === 'function' && require(mod.toString()); // eslint-disable-line
+        // return typeof module !== 'undefined' && typeof module.require === 'function' && module.require(mod.toString()) ||
+        //     // eslint-disable-next-line camelcase
+        //     typeof __non_webpack_require__ === 'function' && __non_webpack_require__(mod.toString()) ||
+        //     typeof require === 'function' && require(mod.toString()); // eslint-disable-line
+        return requireFunc(mod);
     }
@@ -74,0 +77,0 @@ // not supported, a dynamic loader could be created for browser environments here, all modern browsers support

build/lib/moduleLoader.js

@@ -9,3 +9,3 @@ import { isNodeJS } from './node.js';
     try {
-        import(`${null}`).catch(() => false);
+        import(/* webpackIgnore: true */ `${null}`).catch(() => false);
         return true;
@@ -28,2 +28,4 @@ }
 }
+// eslint-disable-next-line no-new-func
+const requireFunc = new Function('mod', 'return require(mod)');
 /**
@@ -35,9 +37,10 @@ * Detects the environment and loads a module using either `require` or `import`.
     if (kSupportsDynamicImport) {
-        return await import(mod.toString());
+        return await import(/* webpackIgnore: true */ mod.toString());
     }
     else if (isNodeJS()) {
-        return typeof module !== 'undefined' && typeof module.require === 'function' && module.require(mod.toString()) ||
-            // eslint-disable-next-line camelcase
-            typeof __non_webpack_require__ === 'function' && __non_webpack_require__(mod.toString()) ||
-            typeof require === 'function' && require(mod.toString()); // eslint-disable-line
+        // return typeof module !== 'undefined' && typeof module.require === 'function' && module.require(mod.toString()) ||
+        //     // eslint-disable-next-line camelcase
+        //     typeof __non_webpack_require__ === 'function' && __non_webpack_require__(mod.toString()) ||
+        //     typeof require === 'function' && require(mod.toString()); // eslint-disable-line
+        return requireFunc(mod);
     }
@@ -44,0 +47,0 @@ // not supported, a dynamic loader could be created for browser environments here, all modern browsers support

package.json

 {
     "name": "@dekkai/env",
-    "version": "1.0.1",
+    "version": "1.1.0",
     "description": "Utility methods to detect runtimes and load modules dynamically.",
@@ -33,3 +33,3 @@ "main": "build/lib/mod.js",
         "test:browser": "karma start --single-run --browsers ChromeHeadless karma.conf.cjs",
-        "test:deno": "deno run --allow-read --allow-net spec/env/deno.suite.js",
+        "test:deno": "deno run --allow-read --allow-net --location 'http://localhost:0' spec/env/deno.suite.js",
         "lint": "eslint . --ext .js,.ts,.jsx,.tsx",
@@ -36,0 +36,0 @@ "prepack": "run-s clean test lint",

src/moduleLoader.ts

@@ -9,3 +9,3 @@ import {isNodeJS} from './node';
     try {
-        import(`${null}`).catch(() => false);
+        import(/* webpackIgnore: true */ `${null}`).catch(() => false);
         return true;
@@ -38,2 +38,5 @@ } catch {
 
+// eslint-disable-next-line no-new-func
+const requireFunc = new Function('mod', 'return require(mod)');
+
 /**
@@ -45,8 +48,9 @@ * Detects the environment and loads a module using either `require` or `import`.
     if (kSupportsDynamicImport) {
-        return await import(mod.toString());
+        return await import(/* webpackIgnore: true */ mod.toString());
     } else if (isNodeJS()) {
-        return typeof module !== 'undefined' && typeof module.require === 'function' && module.require(mod.toString()) ||
-            // eslint-disable-next-line camelcase
-            typeof __non_webpack_require__ === 'function' && __non_webpack_require__(mod.toString()) ||
-            typeof require === 'function' && require(mod.toString()); // eslint-disable-line
+        // return typeof module !== 'undefined' && typeof module.require === 'function' && module.require(mod.toString()) ||
+        //     // eslint-disable-next-line camelcase
+        //     typeof __non_webpack_require__ === 'function' && __non_webpack_require__(mod.toString()) ||
+        //     typeof require === 'function' && require(mod.toString()); // eslint-disable-line
+        return requireFunc(mod);
     }
@@ -53,0 +57,0 @@

New alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Fixed alerts

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

23500

increased by3.35%

Lines of code

283

increased by3.28%

Number of low supply chain risk alerts

1

decreased by-66.67%

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes