New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@featurepeek/travis
Advanced tools
@featurepeek/travis - npm Package Compare versions
Comparing version 0.0.2 to 0.0.3
@@ -6,10 +6,2 @@ #!/usr/bin/env node | ||
| // safety precaution | ||
| if (!process.env.FEATUREPEEK_KEY) { | ||
| console.log('Seems like there is no FEATUREPEEK_KEY environment variable set for this project.') | ||
| console.log('Please generate an API key in your FeaturePeek dashboard to paste into your Travis dashboard.') | ||
| console.log('For more information, please read our Travis docs at https://docs.featurepeek.com/docs/travis/') | ||
| return | ||
| } | ||
| // read from peek.yaml config | ||
@@ -16,0 +8,0 @@ const config = getConfigFromYamlFile() |
| { | ||
| "private": false, | ||
| "name": "@featurepeek/travis", | ||
| "version": "0.0.2", | ||
| "version": "0.0.3", | ||
| "main": "index.js", | ||
@@ -15,3 +15,4 @@ "bin": { | ||
| "walk-back": "^3.0.1" | ||
| } | ||
| }, | ||
| "gitHead": "30b44baeda73499fd2e4ebb4bb8c938563ce09d1" | ||
| } |
| # @featurepeek/travis | ||
| For GitHub and Travis. See [documentation](https://docs.featurepeek.com/docs/travis-static/). | ||
| For GitHub and Travis. See [documentation](https://docs.featurepeek.com/docs/travis/). |
| const fs = require('fs') | ||
| const archiver = require('archiver') | ||
| const { getVersion } = require('./utils') | ||
@@ -9,3 +10,2 @@ // static builds using Circle's artifacts service | ||
| const apiKey = process.env.FEATUREPEEK_KEY | ||
| const pullRequestSlug = process.env.TRAVIS_PULL_REQUEST_SLUG | ||
@@ -37,4 +37,4 @@ const org = pullRequestSlug.split('/')[0] | ||
| formData: { | ||
| api_key: apiKey, | ||
| artifacts: fs.createReadStream('./artifacts.zip'), | ||
| ci: 'travis', | ||
| org, | ||
@@ -45,2 +45,3 @@ repo, | ||
| job, | ||
| version: getVersion(), | ||
| }, | ||
@@ -47,0 +48,0 @@ }) |
@@ -0,4 +1,5 @@ | ||
| const package = require('../package.json') | ||
| function redactValuesInObject(obj) { | ||
| const sensitives = [ | ||
| 'api_key', | ||
| 'aws_secret_access_key', | ||
@@ -18,2 +19,6 @@ 'gcloud_service_key', | ||
| module.exports = { redactValuesInObject } | ||
| function getVersion() { | ||
| return package.version | ||
| } | ||
| module.exports = { redactValuesInObject, getVersion } |
Fixed alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by4.9%
18059
- Number of package files
- increased by11.11%
10
- Number of low supply chain risk alerts
- decreased by-20%
8
Worsened metrics
- Lines of code
- decreased by-2.33%
126
No dependency changes