@lavamoat/allow-scripts - npm Package Compare versions

Comparing version 2.3.0 to 2.3.1

package.json

 {
   "name": "@lavamoat/allow-scripts",
-  "version": "2.3.0",
+  "version": "2.3.1",
   "main": "src/index.js",
@@ -15,3 +15,3 @@ "bin": {
     "@lavamoat/aa": "^3.1.1",
-    "@npmcli/run-script": "^1.8.1",
+    "@npmcli/run-script": "^6.0.0",
     "bin-links": "4.0.1",
@@ -53,3 +53,3 @@ "npm-normalize-package-bin": "^3.0.0",
   },
-  "gitHead": "178db076d9a8dbd1c6b5c9eb6d3b3d7ebd06214b"
+  "gitHead": "1dc8f60b18e679d490388bdb001edb9cea617b69"
 }

src/setup.js

@@ -140,7 +140,7 @@ const { existsSync,
     process.stderr.write(result.stderr)
-    process.exit(result.status)
+    console.log('@lavamoat/allow-scripts: Could not add @lavamoat/preinstall-always-fail.')
   } else {
     console.log('@lavamoat/allow-scripts: Added dependency @lavamoat/preinstall-always-fail.')
   }
-
+  
   if(FEATURE.bins) {
@@ -155,5 +155,6 @@ // no motivation to fix lint here, there's a better implementation of this in a neighboring branch
     // but passing a unix-style path to node on Windows works fine.
-    packageJson.scripts['allow-scripts'] = 'node ./node_modules/@lavamoat/allow-scripts/src/cli.js'
+    packageJson.scripts['allow-scripts'] = 'node ./node_modules/@lavamoat/allow-scripts/src/cli.js --experimental-bins'
+    console.log('@lavamoat/allow-scripts: Adding allow-scripts as a package.json script with direct path.')
     writeFileSync(addInstallParentDir('package.json'), JSON.stringify(packageJson, null, 2))
   }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Lines of code

892

increased by0.11%

Worsened metrics

Total package byte prevSize

43801

decreased by-0.44%

Number of package files

29

decreased by-3.33%

Dependency changes

• + Added@gar/promisify@1.1.3(transitive)

• + Added@npmcli/fs@2.1.2(transitive)

• + Added@npmcli/move-file@2.0.1(transitive)

• + Added@npmcli/node-gyp@3.0.0(transitive)

• + Added@npmcli/promise-spawn@6.0.2(transitive)

• + Added@npmcli/run-script@6.0.2(transitive)

• + Added@tootallnate/once@2.0.0(transitive)

• + Addedagent-base@6.0.2(transitive)

• + Addedagentkeepalive@4.5.0(transitive)

• + Addedaggregate-error@3.1.0(transitive)

• + Addedaproba@2.0.0(transitive)

• + Addedare-we-there-yet@3.0.1(transitive)

• + Addedbrace-expansion@2.0.1(transitive)

• + Addedcacache@16.1.3(transitive)

• + Addedclean-stack@2.2.0(transitive)

• + Addedcolor-support@1.1.3(transitive)

• + Addeddebug@4.3.7(transitive)

• + Addedencoding@0.1.13(transitive)

• + Addederr-code@2.0.3(transitive)

• + Addedexponential-backoff@3.1.1(transitive)

• + Addedgauge@4.0.4(transitive)

• + Addedglob@8.1.0(transitive)

• + Addedhttp-cache-semantics@4.1.1(transitive)

• + Addedhttp-proxy-agent@5.0.0(transitive)

• + Addedhttps-proxy-agent@5.0.1(transitive)

• + Addedhumanize-ms@1.2.1(transitive)

• + Addediconv-lite@0.6.3(transitive)

• + Addedindent-string@4.0.0(transitive)

• + Addedip-address@9.0.5(transitive)

• + Addedis-lambda@1.0.1(transitive)

• + Addedjsbn@1.1.0(transitive)

• + Addedjson-parse-even-better-errors@3.0.2(transitive)

• + Addedlru-cache@7.18.3(transitive)

• + Addedmake-fetch-happen@10.2.1(transitive)

• + Addedminimatch@5.1.6(transitive)

• + Addedminipass-collect@1.0.2(transitive)

• + Addedminipass-fetch@2.1.2(transitive)

• + Addedminipass-flush@1.0.5(transitive)

• + Addedminipass-pipeline@1.2.4(transitive)

• + Addedminipass-sized@1.0.3(transitive)

• + Addedms@2.1.3(transitive)

• + Addednegotiator@0.6.3(transitive)

• + Addednode-gyp@9.4.1(transitive)

• + Addednopt@6.0.0(transitive)

• + Addednpmlog@6.0.2(transitive)

• + Addedp-map@4.0.0(transitive)

• + Addedpromise-inflight@1.0.1(transitive)

• + Addedpromise-retry@2.0.1(transitive)

• + Addedread-package-json-fast@3.0.2(transitive)

• + Addedreadable-stream@3.6.2(transitive)

• + Addedretry@0.12.0(transitive)

• + Addedsafe-buffer@5.2.1(transitive)

• + Addedsmart-buffer@4.2.0(transitive)

• + Addedsocks@2.8.3(transitive)

• + Addedsocks-proxy-agent@7.0.0(transitive)

• + Addedsprintf-js@1.1.3(transitive)

• + Addedssri@9.0.1(transitive)

• + Addedstring_decoder@1.3.0(transitive)

• + Addedunique-filename@2.0.1(transitive)

• + Addedunique-slug@3.0.0(transitive)

• + Addedwhich@3.0.1(transitive)

• - Removed@npmcli/node-gyp@1.0.3(transitive)

• - Removed@npmcli/promise-spawn@1.3.2(transitive)

• - Removed@npmcli/run-script@1.8.6(transitive)

• - Removedajv@6.12.6(transitive)

• - Removedansi-regex@2.1.1(transitive)

• - Removedaproba@1.2.0(transitive)

• - Removedare-we-there-yet@1.1.7(transitive)

• - Removedasn1@0.2.6(transitive)

• - Removedassert-plus@1.0.0(transitive)

• - Removedasynckit@0.4.0(transitive)

• - Removedaws-sign2@0.7.0(transitive)

• - Removedaws4@1.13.2(transitive)

• - Removedbcrypt-pbkdf@1.0.2(transitive)

• - Removedcaseless@0.12.0(transitive)

• - Removedcode-point-at@1.1.0(transitive)

• - Removedcombined-stream@1.0.8(transitive)

• - Removedcore-util-is@1.0.21.0.3(transitive)

• - Removeddashdash@1.14.1(transitive)

• - Removeddelayed-stream@1.0.0(transitive)

• - Removedecc-jsbn@0.1.2(transitive)

• - Removedextend@3.0.2(transitive)

• - Removedextsprintf@1.3.0(transitive)

• - Removedfast-deep-equal@3.1.3(transitive)

• - Removedfast-json-stable-stringify@2.1.0(transitive)

• - Removedforever-agent@0.6.1(transitive)

• - Removedform-data@2.3.3(transitive)

• - Removedgauge@2.7.4(transitive)

• - Removedgetpass@0.1.7(transitive)

• - Removedhar-schema@2.0.0(transitive)

• - Removedhar-validator@5.1.5(transitive)

• - Removedhttp-signature@1.2.0(transitive)

• - Removedis-fullwidth-code-point@1.0.0(transitive)

• - Removedis-typedarray@1.0.0(transitive)

• - Removedisarray@1.0.0(transitive)

• - Removedisstream@0.1.2(transitive)

• - Removedjsbn@0.1.1(transitive)

• - Removedjson-parse-even-better-errors@2.3.1(transitive)

• - Removedjson-schema@0.4.0(transitive)

• - Removedjson-schema-traverse@0.4.1(transitive)

• - Removedjson-stringify-safe@5.0.1(transitive)

• - Removedjsprim@1.4.2(transitive)

• - Removedmime-db@1.52.0(transitive)

• - Removedmime-types@2.1.35(transitive)

• - Removednode-gyp@7.1.2(transitive)

• - Removednopt@5.0.0(transitive)

• - Removednpm-normalize-package-bin@1.0.1(transitive)

• - Removednpmlog@4.1.2(transitive)

• - Removednumber-is-nan@1.0.1(transitive)

• - Removedoauth-sign@0.9.0(transitive)

• - Removedobject-assign@4.1.1(transitive)

• - Removedperformance-now@2.1.0(transitive)

• - Removedprocess-nextick-args@2.0.1(transitive)

• - Removedpsl@1.9.0(transitive)

• - Removedpunycode@2.3.1(transitive)

• - Removedqs@6.5.3(transitive)

• - Removedread-package-json-fast@2.0.3(transitive)

• - Removedreadable-stream@2.3.8(transitive)

• - Removedrequest@2.88.2(transitive)

• - Removedsafe-buffer@5.1.2(transitive)

• - Removedsshpk@1.18.0(transitive)

• - Removedstring-width@1.0.2(transitive)

• - Removedstring_decoder@1.1.1(transitive)

• - Removedstrip-ansi@3.0.1(transitive)

• - Removedtough-cookie@2.5.0(transitive)

• - Removedtunnel-agent@0.6.0(transitive)

• - Removedtweetnacl@0.14.5(transitive)

• - Removeduri-js@4.4.1(transitive)

• - Removeduuid@3.4.0(transitive)

• - Removedverror@1.10.0(transitive)

• Updated@npmcli/run-script@^6.0.0