@lavamoat/aa
Comparing version 1.0.0 to 2.0.0
{ | ||
"name": "@lavamoat/aa", | ||
"version": "1.0.0", | ||
"version": "2.0.0", | ||
"main": "src/index.js", | ||
@@ -11,3 +11,3 @@ "license": "MIT", | ||
"test": "yarn test:run", | ||
"test:run": "ava test/index.js", | ||
"test:run": "ava --timeout=30s test/index.js", | ||
"lint": "yarn lint:eslint && yarn lint:deps", | ||
@@ -28,3 +28,4 @@ "lint:eslint": "eslint \"src/**/*.js\"", | ||
}, | ||
"author": "kumavis" | ||
"author": "kumavis", | ||
"gitHead": "efefc17dd7df5a94e90585c426fd06be4473a58d" | ||
} |
const { promises: fs } = require('fs') | ||
const path = require('path') | ||
const { sync: nodeResolve } = require('resolve') | ||
const resolve = (from, to) => nodeResolve(to, { basedir: from }) | ||
const nodeResolve = require('resolve') | ||
@@ -37,7 +36,7 @@ module.exports = { | ||
*/ | ||
async function loadCanonicalNameMap ({ rootDir, includeDevDeps } = {}) { | ||
async function loadCanonicalNameMap ({ rootDir, includeDevDeps, resolve } = {}) { | ||
const filePathToLogicalPaths = new SetMap() | ||
const canonicalNameMap = new Map() | ||
// walk tree | ||
for await (const packageData of eachPackageInLogicalTree({ packageDir: rootDir, includeDevDeps })) { | ||
for await (const packageData of eachPackageInLogicalTree({ packageDir: rootDir, includeDevDeps, resolve })) { | ||
const logicalPathString = packageData.logicalPathParts.join('>') | ||
@@ -52,3 +51,3 @@ filePathToLogicalPaths.add(packageData.packageDir, logicalPathString) | ||
// add root dir as "app" | ||
canonicalNameMap.set(rootDir, '<root>') | ||
canonicalNameMap.set(rootDir, '$root$') | ||
Reflect.defineProperty(canonicalNameMap, 'rootDir', { value: rootDir }) | ||
@@ -63,3 +62,3 @@ return canonicalNameMap | ||
// TODO: optimize this to not walk the entire tree, can skip if the best known logical path is already shorter | ||
async function * eachPackageInLogicalTree ({ packageDir, logicalPath = [], includeDevDeps = false, visited = new Set() }) { | ||
async function * eachPackageInLogicalTree ({ packageDir, logicalPath = [], includeDevDeps = false, visited = new Set(), resolve = nodeResolve }) { | ||
const packageJsonPath = path.join(packageDir, 'package.json') | ||
@@ -76,4 +75,4 @@ const rawPackageJson = await fs.readFile(packageJsonPath, 'utf8') | ||
// sync seems slightly faster | ||
// depPackageJsonPath = await resolveAsync(depRelativePackageJsonPath, { basedir: packageJsonPath }) | ||
depPackageJsonPath = resolve(packageJsonPath, depRelativePackageJsonPath) | ||
// depPackageJsonPath = await resolveAsync(depRelativePackageJsonPath, { basedir: packageDir }) | ||
depPackageJsonPath = resolve.sync(depRelativePackageJsonPath, { basedir: packageDir }) | ||
const childPackageDir = path.dirname(depPackageJsonPath) | ||
@@ -99,2 +98,7 @@ // avoid cycles, but still visit the same package | ||
const packageName = canonicalNameMap.get(packageDir) | ||
const relativeToPackageDir = path.relative(packageDir, modulePath) | ||
// files should never be associated with a package directory across a package boundary (as tested via the presense of "node_modules" in the path) | ||
if (relativeToPackageDir.includes('node_modules')) { | ||
throw new Error(`LavaMoat - Encountered unknown package directory for file "${modulePath}"`) | ||
} | ||
return packageName | ||
@@ -111,3 +115,4 @@ } | ||
} | ||
return matchingPackageDirs.reduce(takeLongest) | ||
const longestMatch = matchingPackageDirs.reduce(takeLongest) | ||
return longestMatch | ||
} | ||
@@ -114,0 +119,0 @@ |
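Review bot: The new package-boundary guard tests `relativeToPackageDir.includes('node_modules')`, a substring match on the whole relative path, so a file inside the package whose directory or file name merely contains that text (a constructed example: `lib/node_modules_shim.js`) would be rejected with the "unknown package directory" error. The check fails closed, which is the right direction when attributing files to packages, but comparing path segments keeps it exact: `if (relativeToPackageDir.split(path.sep).includes('node_modules')) {`. The enclosing function begins above this hunk, so how `modulePath` and `packageDir` are normalised is not visible here. Separately, the new `resolve` option is invoked as `resolve.sync(request, { basedir })`, so the JSDoc for `loadCanonicalNameMap` should state that a custom resolver must expose a `sync` method with that signature.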
@@ -25,3 +25,3 @@ const path = require('path'); | ||
'projects/1', | ||
'<root>', | ||
'$root$', | ||
], | ||
@@ -55,3 +55,3 @@ ]) | ||
'projects/2', | ||
'<root>', | ||
'$root$', | ||
], | ||
@@ -85,5 +85,5 @@ ]) | ||
'projects/3', | ||
'<root>', | ||
'$root$', | ||
], | ||
]) | ||
}) |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Install scripts
Supply chain risk: Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Found 2 instances in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package