New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
@dpkit/file
Advanced tools
@dpkit/file - npm Package Compare versions
+22
-17
@@ -7,8 +7,9 @@ import { prefetchFiles } from "./fetch.js"; | ||
| if (options?.bytes) { | ||
| const bytes = await inferFileBytes(localPaths); | ||
| if (bytes !== options.bytes) { | ||
| const bytes = options.bytes; | ||
| const actualBytes = await inferFileBytes(localPaths); | ||
| if (bytes !== actualBytes) { | ||
| errors.push({ | ||
| type: "file/bytes", | ||
| bytes: options.bytes, | ||
| actualBytes: bytes, | ||
| bytes, | ||
| actualBytes, | ||
| }); | ||
@@ -18,11 +19,12 @@ } | ||
| if (options?.hash) { | ||
| const [_hashValue, hashType = "md5"] = options.hash.split(":").toReversed(); | ||
| const hash = await inferFileHash(localPaths, { | ||
| const [hashValue, hashType = "md5"] = options.hash.split(":").toReversed(); | ||
| const hash = `${hashType}:${hashValue}`; | ||
| const actualHash = await inferFileHash(localPaths, { | ||
| hashType: hashType, | ||
| }); | ||
| if (hash !== options.hash) { | ||
| if (hash !== actualHash) { | ||
| errors.push({ | ||
| type: "file/hash", | ||
| hash: options.hash, | ||
| actualHash: hash, | ||
| hash, | ||
| actualHash, | ||
| }); | ||
@@ -32,9 +34,12 @@ } | ||
| if (options?.encoding) { | ||
| const encoding = await inferFileEncoding(localPaths); | ||
| if (encoding && encoding !== options.encoding) { | ||
| errors.push({ | ||
| type: "file/encoding", | ||
| encoding: options.encoding, | ||
| actualEncoding: encoding, | ||
| }); | ||
| const encoding = options.encoding; | ||
| const actualEncoding = await inferFileEncoding(localPaths); | ||
| if (actualEncoding) { | ||
| if (encoding !== actualEncoding) { | ||
| errors.push({ | ||
| type: "file/encoding", | ||
| encoding, | ||
| actualEncoding, | ||
| }); | ||
| } | ||
| } | ||
@@ -45,2 +50,2 @@ } | ||
| } | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmFsaWRhdGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9maWxlL3ZhbGlkYXRlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUNBLE9BQU8sRUFBRSxhQUFhLEVBQUUsTUFBTSxZQUFZLENBQUE7QUFDMUMsT0FBTyxFQUFFLGNBQWMsRUFBRSxpQkFBaUIsRUFBRSxhQUFhLEVBQUUsTUFBTSxZQUFZLENBQUE7QUFFN0UsTUFBTSxDQUFDLEtBQUssVUFBVSxZQUFZLENBQ2hDLElBQXdCLEVBQ3hCLE9BQThEO0lBRTlELE1BQU0sTUFBTSxHQUFnQixFQUFFLENBQUE7SUFDOUIsTUFBTSxVQUFVLEdBQUcsTUFBTSxhQUFhLENBQUMsSUFBSSxDQUFDLENBQUE7SUFFNUMsSUFBSSxPQUFPLEVBQUUsS0FBSyxFQUFFLENBQUM7UUFDbkIsTUFBTSxLQUFLLEdBQUcsTUFBTSxjQUFjLENBQUMsVUFBVSxDQUFDLENBQUE7UUFDOUMsSUFBSSxLQUFLLEtBQUssT0FBTyxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQzVCLE1BQU0sQ0FBQyxJQUFJLENBQUM7Z0JBQ1YsSUFBSSxFQUFFLFlBQVk7Z0JBQ2xCLEtBQUssRUFBRSxPQUFPLENBQUMsS0FBSztnQkFDcEIsV0FBVyxFQUFFLEtBQUs7YUFDbkIsQ0FBQyxDQUFBO1FBQ0osQ0FBQztJQUNILENBQUM7SUFFRCxJQUFJLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FBQztRQUNsQixNQUFNLENBQUMsVUFBVSxFQUFFLFFBQVEsR0FBRyxLQUFLLENBQUMsR0FBRyxPQUFPLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxVQUFVLEVBQUUsQ0FBQTtRQUMzRSxNQUFNLElBQUksR0FBRyxNQUFNLGFBQWEsQ0FBQyxVQUFVLEVBQUU7WUFDM0MsUUFBUSxFQUFFLFFBQWU7U0FDMUIsQ0FBQyxDQUFBO1FBRUYsSUFBSSxJQUFJLEtBQUssT0FBTyxDQUFDLElBQUksRUFBRSxDQUFDO1lBQzFCLE1BQU0sQ0FBQyxJQUFJLENBQUM7Z0JBQ1YsSUFBSSxFQUFFLFdBQVc7Z0JBQ2pCLElBQUksRUFBRSxPQUFPLENBQUMsSUFBSTtnQkFDbEIsVUFBVSxFQUFFLElBQUk7YUFDakIsQ0FBQyxDQUFBO1FBQ0osQ0FBQztJQUNILENBQUM7SUFFRCxJQUFJLE9BQU8sRUFBRSxRQUFRLEVBQUUsQ0FBQztRQUN0QixNQUFNLFFBQVEsR0FBRyxNQUFNLGlCQUFpQixDQUFDLFVBQVUsQ0FBQyxDQUFBO1FBRXBELElBQUksUUFBUSxJQUFJLFFBQVEsS0FBSyxPQUFPLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDOUMsTUFBTSxDQUFDLElBQUksQ0FBQztnQkFDVixJQUFJLEVBQUUsZUFBZTtnQkFDckIsUUFBUSxFQUFFLE9BQU8sQ0FBQyxRQUFRO2dCQUMxQixjQUFjLEVBQUUsUUFBUTthQUN6QixDQUFDLENBQUE7UUFDSixDQUFDO0lBQ0gsQ0FBQztJQUVELE1BQU0sS0FBSyxHQUFHLE1BQU0sQ0FBQyxNQUFNLEtBQUssQ0FBQyxDQUFBO0lBQ2pDLE9BQU8sRUFBRSxLQUFLLEVBQUUsTUFBTSxFQUFFLENBQUE7QUFDMUIsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB0eXBlIHsgRmlsZUVycm9yIH0gZnJvbSBcIi4uL2Vycm9yL2luZGV4LnRzXCJcbmltcG9ydCB7IHByZWZldGNoRmlsZXMgfSBmcm9tIFwiLi9mZXRjaC50c1wiXG5pbXBvcnQgeyBpbmZlckZpbGVCeXRlcywgaW5mZXJGaWxlRW5jb2RpbmcsIGluZmVyRmlsZUhhc2ggfSBmcm9tIFwiLi9pbmZlci50c1wiXG5cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiB2YWxpZGF0ZUZpbGUoXG4gIHBhdGg/OiBzdHJpbmcgfCBzdHJpbmdbXSxcbiAgb3B0aW9ucz86IHsgYnl0ZXM/OiBudW1iZXI7IGhhc2g/OiBzdHJpbmc7IGVuY29kaW5nPzogc3RyaW5nIH0sXG4pIHtcbiAgY29uc3QgZXJyb3JzOiBGaWxlRXJyb3JbXSA9IFtdXG4gIGNvbnN0IGxvY2FsUGF0aHMgPSBhd2FpdCBwcmVmZXRjaEZpbGVzKHBhdGgpXG5cbiAgaWYgKG9wdGlvbnM/LmJ5dGVzKSB7XG4gICAgY29uc3QgYnl0ZXMgPSBhd2FpdCBpbmZlckZpbGVCeXRlcyhsb2NhbFBhdGhzKVxuICAgIGlmIChieXRlcyAhPT0gb3B0aW9ucy5ieXRlcykge1xuICAgICAgZXJyb3JzLnB1c2goe1xuICAgICAgICB0eXBlOiBcImZpbGUvYnl0ZXNcIixcbiAgICAgICAgYnl0ZXM6IG9wdGlvbnMuYnl0ZXMsXG4gICAgICAgIGFjdHVhbEJ5dGVzOiBieXRlcyxcbiAgICAgIH0pXG4gICAgfVxuICB9XG5cbiAgaWYgKG9wdGlvbnM/Lmhhc2gpIHtcbiAgICBjb25zdCBbX2hhc2hWYWx1ZSwgaGFzaFR5cGUgPSBcIm1kNVwiXSA9IG9wdGlvbnMuaGFzaC5zcGxpdChcIjpcIikudG9SZXZlcnNlZCgpXG4gICAgY29uc3QgaGFzaCA9IGF3YWl0IGluZmVyRmlsZUhhc2gobG9jYWxQYXRocywge1xuICAgICAgaGFzaFR5cGU6IGhhc2hUeXBlIGFzIGFueSxcbiAgICB9KVxuXG4gICAgaWYgKGhhc2ggIT09IG9wdGlvbnMuaGFzaCkge1xuICAgICAgZXJyb3JzLnB1c2goe1xuICAgICAgICB0eXBlOiBcImZpbGUvaGFzaFwiLFxuICAgICAgICBoYXNoOiBvcHRpb25zLmhhc2gsXG4gICAgICAgIGFjdHVhbEhhc2g6IGhhc2gsXG4gICAgICB9KVxuICAgIH1cbiAgfVxuXG4gIGlmIChvcHRpb25zPy5lbmNvZGluZykge1xuICAgIGNvbnN0IGVuY29kaW5nID0gYXdhaXQgaW5mZXJGaWxlRW5jb2RpbmcobG9jYWxQYXRocylcblxuICAgIGlmIChlbmNvZGluZyAmJiBlbmNvZGluZyAhPT0gb3B0aW9ucy5lbmNvZGluZykge1xuICAgICAgZXJyb3JzLnB1c2goe1xuICAgICAgICB0eXBlOiBcImZpbGUvZW5jb2RpbmdcIixcbiAgICAgICAgZW5jb2Rpbmc6IG9wdGlvbnMuZW5jb2RpbmcsXG4gICAgICAgIGFjdHVhbEVuY29kaW5nOiBlbmNvZGluZyxcbiAgICAgIH0pXG4gICAgfVxuICB9XG5cbiAgY29uc3QgdmFsaWQgPSBlcnJvcnMubGVuZ3RoID09PSAwXG4gIHJldHVybiB7IHZhbGlkLCBlcnJvcnMgfVxufVxuIl19 | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmFsaWRhdGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9maWxlL3ZhbGlkYXRlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUNBLE9BQU8sRUFBRSxhQUFhLEVBQUUsTUFBTSxZQUFZLENBQUE7QUFDMUMsT0FBTyxFQUFFLGNBQWMsRUFBRSxpQkFBaUIsRUFBRSxhQUFhLEVBQUUsTUFBTSxZQUFZLENBQUE7QUFFN0UsTUFBTSxDQUFDLEtBQUssVUFBVSxZQUFZLENBQ2hDLElBQXdCLEVBQ3hCLE9BQThEO0lBRTlELE1BQU0sTUFBTSxHQUFnQixFQUFFLENBQUE7SUFDOUIsTUFBTSxVQUFVLEdBQUcsTUFBTSxhQUFhLENBQUMsSUFBSSxDQUFDLENBQUE7SUFFNUMsSUFBSSxPQUFPLEVBQUUsS0FBSyxFQUFFLENBQUM7UUFDbkIsTUFBTSxLQUFLLEdBQUcsT0FBTyxDQUFDLEtBQUssQ0FBQTtRQUMzQixNQUFNLFdBQVcsR0FBRyxNQUFNLGNBQWMsQ0FBQyxVQUFVLENBQUMsQ0FBQTtRQUVwRCxJQUFJLEtBQUssS0FBSyxXQUFXLEVBQUUsQ0FBQztZQUMxQixNQUFNLENBQUMsSUFBSSxDQUFDO2dCQUNWLElBQUksRUFBRSxZQUFZO2dCQUNsQixLQUFLO2dCQUNMLFdBQVc7YUFDWixDQUFDLENBQUE7UUFDSixDQUFDO0lBQ0gsQ0FBQztJQUVELElBQUksT0FBTyxFQUFFLElBQUksRUFBRSxDQUFDO1FBQ2xCLE1BQU0sQ0FBQyxTQUFTLEVBQUUsUUFBUSxHQUFHLEtBQUssQ0FBQyxHQUFHLE9BQU8sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLFVBQVUsRUFBRSxDQUFBO1FBRTFFLE1BQU0sSUFBSSxHQUFHLEdBQUcsUUFBUSxJQUFJLFNBQVMsRUFBRSxDQUFBO1FBQ3ZDLE1BQU0sVUFBVSxHQUFHLE1BQU0sYUFBYSxDQUFDLFVBQVUsRUFBRTtZQUNqRCxRQUFRLEVBQUUsUUFBZTtTQUMxQixDQUFDLENBQUE7UUFFRixJQUFJLElBQUksS0FBSyxVQUFVLEVBQUUsQ0FBQztZQUN4QixNQUFNLENBQUMsSUFBSSxDQUFDO2dCQUNWLElBQUksRUFBRSxXQUFXO2dCQUNqQixJQUFJO2dCQUNKLFVBQVU7YUFDWCxDQUFDLENBQUE7UUFDSixDQUFDO0lBQ0gsQ0FBQztJQUVELElBQUksT0FBTyxFQUFFLFFBQVEsRUFBRSxDQUFDO1FBQ3RCLE1BQU0sUUFBUSxHQUFHLE9BQU8sQ0FBQyxRQUFRLENBQUE7UUFDakMsTUFBTSxjQUFjLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxVQUFVLENBQUMsQ0FBQTtRQUUxRCxJQUFJLGNBQWMsRUFBRSxDQUFDO1lBQ25CLElBQUksUUFBUSxLQUFLLGNBQWMsRUFBRSxDQUFDO2dCQUNoQyxNQUFNLENBQUMsSUFBSSxDQUFDO29CQUNWLElBQUksRUFBRSxlQUFlO29CQUNyQixRQUFRO29CQUNSLGNBQWM7aUJBQ2YsQ0FBQyxDQUFBO1lBQ0osQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRUQsTUFBTSxLQUFLLEdBQUcsTUFBTSxDQUFDLE1BQU0sS0FBSyxDQUFDLENBQUE7SUFDakMsT0FBTyxFQUFFLEtBQUssRUFBRSxNQUFNLEVBQUUsQ0FBQTtBQUMxQixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHR5cGUgeyBGaWxlRXJyb3IgfSBmcm9tIFwiLi4vZXJyb3IvaW5kZXgudHNcIlxuaW1wb3J0IHsgcHJlZmV0Y2hGaWxlcyB9IGZyb20gXCIuL2ZldGNoLnRzXCJcbmltcG9ydCB7IGluZmVyRmlsZUJ5dGVzLCBpbmZlckZpbGVFbmNvZGluZywgaW5mZXJGaWxlSGFzaCB9IGZyb20gXCIuL2luZmVyLnRzXCJcblxuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIHZhbGlkYXRlRmlsZShcbiAgcGF0aD86IHN0cmluZyB8IHN0cmluZ1tdLFxuICBvcHRpb25zPzogeyBieXRlcz86IG51bWJlcjsgaGFzaD86IHN0cmluZzsgZW5jb2Rpbmc/OiBzdHJpbmcgfSxcbikge1xuICBjb25zdCBlcnJvcnM6IEZpbGVFcnJvcltdID0gW11cbiAgY29uc3QgbG9jYWxQYXRocyA9IGF3YWl0IHByZWZldGNoRmlsZXMocGF0aClcblxuICBpZiAob3B0aW9ucz8uYnl0ZXMpIHtcbiAgICBjb25zdCBieXRlcyA9IG9wdGlvbnMuYnl0ZXNcbiAgICBjb25zdCBhY3R1YWxCeXRlcyA9IGF3YWl0IGluZmVyRmlsZUJ5dGVzKGxvY2FsUGF0aHMpXG5cbiAgICBpZiAoYnl0ZXMgIT09IGFjdHVhbEJ5dGVzKSB7XG4gICAgICBlcnJvcnMucHVzaCh7XG4gICAgICAgIHR5cGU6IFwiZmlsZS9ieXRlc1wiLFxuICAgICAgICBieXRlcyxcbiAgICAgICAgYWN0dWFsQnl0ZXMsXG4gICAgICB9KVxuICAgIH1cbiAgfVxuXG4gIGlmIChvcHRpb25zPy5oYXNoKSB7XG4gICAgY29uc3QgW2hhc2hWYWx1ZSwgaGFzaFR5cGUgPSBcIm1kNVwiXSA9IG9wdGlvbnMuaGFzaC5zcGxpdChcIjpcIikudG9SZXZlcnNlZCgpXG5cbiAgICBjb25zdCBoYXNoID0gYCR7aGFzaFR5cGV9OiR7aGFzaFZhbHVlfWBcbiAgICBjb25zdCBhY3R1YWxIYXNoID0gYXdhaXQgaW5mZXJGaWxlSGFzaChsb2NhbFBhdGhzLCB7XG4gICAgICBoYXNoVHlwZTogaGFzaFR5cGUgYXMgYW55LFxuICAgIH0pXG5cbiAgICBpZiAoaGFzaCAhPT0gYWN0dWFsSGFzaCkge1xuICAgICAgZXJyb3JzLnB1c2goe1xuICAgICAgICB0eXBlOiBcImZpbGUvaGFzaFwiLFxuICAgICAgICBoYXNoLFxuICAgICAgICBhY3R1YWxIYXNoLFxuICAgICAgfSlcbiAgICB9XG4gIH1cblxuICBpZiAob3B0aW9ucz8uZW5jb2RpbmcpIHtcbiAgICBjb25zdCBlbmNvZGluZyA9IG9wdGlvbnMuZW5jb2RpbmdcbiAgICBjb25zdCBhY3R1YWxFbmNvZGluZyA9IGF3YWl0IGluZmVyRmlsZUVuY29kaW5nKGxvY2FsUGF0aHMpXG5cbiAgICBpZiAoYWN0dWFsRW5jb2RpbmcpIHtcbiAgICAgIGlmIChlbmNvZGluZyAhPT0gYWN0dWFsRW5jb2RpbmcpIHtcbiAgICAgICAgZXJyb3JzLnB1c2goe1xuICAgICAgICAgIHR5cGU6IFwiZmlsZS9lbmNvZGluZ1wiLFxuICAgICAgICAgIGVuY29kaW5nLFxuICAgICAgICAgIGFjdHVhbEVuY29kaW5nLFxuICAgICAgICB9KVxuICAgICAgfVxuICAgIH1cbiAgfVxuXG4gIGNvbnN0IHZhbGlkID0gZXJyb3JzLmxlbmd0aCA9PT0gMFxuICByZXR1cm4geyB2YWxpZCwgZXJyb3JzIH1cbn1cbiJdfQ== |
+23
-16
@@ -13,8 +13,10 @@ import type { FileError } from "../error/index.ts" | ||
| if (options?.bytes) { | ||
| const bytes = await inferFileBytes(localPaths) | ||
| if (bytes !== options.bytes) { | ||
| const bytes = options.bytes | ||
| const actualBytes = await inferFileBytes(localPaths) | ||
| if (bytes !== actualBytes) { | ||
| errors.push({ | ||
| type: "file/bytes", | ||
| bytes: options.bytes, | ||
| actualBytes: bytes, | ||
| bytes, | ||
| actualBytes, | ||
| }) | ||
@@ -25,12 +27,14 @@ } | ||
| if (options?.hash) { | ||
| const [_hashValue, hashType = "md5"] = options.hash.split(":").toReversed() | ||
| const hash = await inferFileHash(localPaths, { | ||
| const [hashValue, hashType = "md5"] = options.hash.split(":").toReversed() | ||
| const hash = `${hashType}:${hashValue}` | ||
| const actualHash = await inferFileHash(localPaths, { | ||
| hashType: hashType as any, | ||
| }) | ||
| if (hash !== options.hash) { | ||
| if (hash !== actualHash) { | ||
| errors.push({ | ||
| type: "file/hash", | ||
| hash: options.hash, | ||
| actualHash: hash, | ||
| hash, | ||
| actualHash, | ||
| }) | ||
@@ -41,10 +45,13 @@ } | ||
| if (options?.encoding) { | ||
| const encoding = await inferFileEncoding(localPaths) | ||
| const encoding = options.encoding | ||
| const actualEncoding = await inferFileEncoding(localPaths) | ||
| if (encoding && encoding !== options.encoding) { | ||
| errors.push({ | ||
| type: "file/encoding", | ||
| encoding: options.encoding, | ||
| actualEncoding: encoding, | ||
| }) | ||
| if (actualEncoding) { | ||
| if (encoding !== actualEncoding) { | ||
| errors.push({ | ||
| type: "file/encoding", | ||
| encoding, | ||
| actualEncoding, | ||
| }) | ||
| } | ||
| } | ||
@@ -51,0 +58,0 @@ } |
+2
-2
| { | ||
| "name": "@dpkit/file", | ||
| "type": "module", | ||
| "version": "1.4.2", | ||
| "version": "1.5.0", | ||
| "exports": "./build/index.js", | ||
@@ -32,3 +32,3 @@ "sideEffects": false, | ||
| "tiny-invariant": "^1.3.3", | ||
| "@dpkit/core": "1.4.2" | ||
| "@dpkit/core": "1.5.0" | ||
| }, | ||
@@ -35,0 +35,0 @@ "devDependencies": { |
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
93751
0.43%- Lines of code
1410
0.71%Dependency changes
+ Added
@dpkit/core@1.5.0(transitive)- Removed
@dpkit/core@1.4.2(transitive)Updated
@dpkit/core@1.5.0