@graphql-toolkit/code-file-loader
Advanced tools
Comparing version 0.6.8-alpha-05dcd9d.3 to 0.6.8-alpha-0704954.6
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
const graphql_1 = require("graphql"); | ||
const graphql_tag_pluck_1 = require("graphql-tag-pluck"); | ||
function calculateOptions(options) { | ||
@@ -34,4 +35,3 @@ if (!options || !options.tagPluck) { | ||
try { | ||
const { gqlPluckFromFile } = eval(`require('graphql-tag-pluck')`); | ||
return (await gqlPluckFromFile(source.name, calculateOptions(options))) || null; | ||
return (await graphql_tag_pluck_1.gqlPluckFromFile(source.name, calculateOptions(options))) || null; | ||
} | ||
@@ -38,0 +38,0 @@ catch (e) { |
@@ -7,2 +7,4 @@ "use strict"; | ||
const common_1 = require("@graphql-toolkit/common"); | ||
const fs_1 = require("fs"); | ||
const isValidPath = require("is-valid-path"); | ||
function isSchemaText(obj) { | ||
@@ -52,3 +54,3 @@ return typeof obj === 'string'; | ||
if (require && require.cache) { | ||
filePath = eval(`require.resolve('${filePath}')`); | ||
filePath = require.resolve(filePath); | ||
if (require.cache[filePath]) { | ||
@@ -58,3 +60,3 @@ delete require.cache[filePath]; | ||
} | ||
const rawExports = await eval(`require('${filePath}');`); | ||
const rawExports = await Promise.resolve().then(() => require(filePath)); | ||
if (rawExports) { | ||
@@ -85,4 +87,3 @@ let rawExport = rawExports.default || rawExports.schema || rawExports; | ||
async function tryToLoadFromCodeAst(filePath, options) { | ||
const { readFileSync } = eval(`require('fs')`); | ||
const content = readFileSync(filePath, 'utf-8'); | ||
const content = fs_1.readFileSync(filePath, 'utf-8'); | ||
const foundDoc = await extract_document_string_from_code_file_1.extractDocumentStringFromCodeFile(new graphql_1.Source(content, filePath), options || {}); | ||
@@ -102,4 +103,12 @@ if (foundDoc) { | ||
async canLoad(pointer, options) { | ||
const extension = path_1.extname(pointer).toLowerCase(); | ||
return CODE_FILE_EXTENSIONS.includes(extension); | ||
if (isValidPath(pointer)) { | ||
const extension = path_1.extname(pointer).toLowerCase(); | ||
if (CODE_FILE_EXTENSIONS.includes(extension)) { | ||
const normalizedFilePath = path_1.isAbsolute(pointer) ? pointer : path_1.resolve(options.cwd || process.cwd(), pointer); | ||
if (fs_1.existsSync(normalizedFilePath)) { | ||
return true; | ||
} | ||
} | ||
} | ||
return false; | ||
} | ||
@@ -106,0 +115,0 @@ async load(pointer, options) { |
import { parse } from 'graphql'; | ||
import { gqlPluckFromFile } from 'graphql-tag-pluck'; | ||
function calculateOptions(options) { | ||
@@ -32,3 +33,2 @@ if (!options || !options.tagPluck) { | ||
try { | ||
const { gqlPluckFromFile } = eval(`require('graphql-tag-pluck')`); | ||
return (await gqlPluckFromFile(source.name, calculateOptions(options))) || null; | ||
@@ -35,0 +35,0 @@ } |
@@ -5,2 +5,4 @@ import { GraphQLSchema, parse, buildClientSchema, Source as GraphQLSource } from 'graphql'; | ||
import { debugLog, printSchemaWithDirectives, asArray, fixWindowsPath } from '@graphql-toolkit/common'; | ||
import { readFileSync, existsSync } from 'fs'; | ||
import * as isValidPath from 'is-valid-path'; | ||
function isSchemaText(obj) { | ||
@@ -50,3 +52,3 @@ return typeof obj === 'string'; | ||
if (require && require.cache) { | ||
filePath = eval(`require.resolve('${filePath}')`); | ||
filePath = require.resolve(filePath); | ||
if (require.cache[filePath]) { | ||
@@ -56,3 +58,3 @@ delete require.cache[filePath]; | ||
} | ||
const rawExports = await eval(`require('${filePath}');`); | ||
const rawExports = await import(filePath); | ||
if (rawExports) { | ||
@@ -83,3 +85,2 @@ let rawExport = rawExports.default || rawExports.schema || rawExports; | ||
async function tryToLoadFromCodeAst(filePath, options) { | ||
const { readFileSync } = eval(`require('fs')`); | ||
const content = readFileSync(filePath, 'utf-8'); | ||
@@ -100,4 +101,12 @@ const foundDoc = await extractDocumentStringFromCodeFile(new GraphQLSource(content, filePath), options || {}); | ||
async canLoad(pointer, options) { | ||
const extension = extname(pointer).toLowerCase(); | ||
return CODE_FILE_EXTENSIONS.includes(extension); | ||
if (isValidPath(pointer)) { | ||
const extension = extname(pointer).toLowerCase(); | ||
if (CODE_FILE_EXTENSIONS.includes(extension)) { | ||
const normalizedFilePath = isAbsolute(pointer) ? pointer : resolve(options.cwd || process.cwd(), pointer); | ||
if (existsSync(normalizedFilePath)) { | ||
return true; | ||
} | ||
} | ||
} | ||
return false; | ||
} | ||
@@ -104,0 +113,0 @@ async load(pointer, options) { |
{ | ||
"name": "@graphql-toolkit/code-file-loader", | ||
"version": "0.6.8-alpha-05dcd9d.3+05dcd9d", | ||
"version": "0.6.8-alpha-0704954.6+0704954", | ||
"description": "A set of utils for faster development of GraphQL tools", | ||
@@ -24,3 +24,3 @@ "repository": "git@github.com:dotansimha/graphql-toolkit.git", | ||
"devDependencies": { | ||
"@types/jest": "24.0.21", | ||
"@types/jest": "24.0.22", | ||
"graphql": "14.5.8", | ||
@@ -32,4 +32,6 @@ "jest": "24.9.0", | ||
"dependencies": { | ||
"@graphql-toolkit/common": "0.6.8-alpha-05dcd9d.3+05dcd9d", | ||
"graphql-tag-pluck": "0.8.7" | ||
"@graphql-toolkit/common": "0.6.8-alpha-0704954.6+0704954", | ||
"graphql-tag-pluck": "0.8.7", | ||
"is-valid-path": "0.1.1", | ||
"tslib": "1.10.0" | ||
}, | ||
@@ -39,3 +41,3 @@ "publishConfig": { | ||
}, | ||
"gitHead": "05dcd9d3d32c19fe54d15f3b4e4f8f50d9221e95" | ||
"gitHead": "0704954d0f9ca7ba6b053281b48c696fa96e946d" | ||
} |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Manifest confusion
Supply chain riskThis package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Manifest confusion
Supply chain riskThis package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
30442
17802
407
1
5
9
+ Addedis-valid-path@0.1.1
+ Addedtslib@1.10.0
+ Added@babel/code-frame@7.26.2(transitive)
+ Added@babel/generator@7.26.2(transitive)
+ Added@babel/parser@7.26.2(transitive)
+ Addedis-extglob@1.0.0(transitive)
+ Addedis-glob@2.0.1(transitive)
+ Addedis-invalid-path@0.1.0(transitive)
+ Addedis-valid-path@0.1.1(transitive)
+ Addedtslib@1.10.0(transitive)
- Removed@babel/code-frame@7.26.0(transitive)
- Removed@babel/generator@7.26.0(transitive)
- Removed@babel/parser@7.26.1(transitive)
Updated@graphql-toolkit/common@0.6.8-alpha-0704954.6+0704954