@lavamoat/allow-scripts - npm Package Compare versions

Comparing version 3.0.3 to 3.0.4

CHANGELOG.md

@@ -9,2 +9,11 @@ # Changelog
 
+## [3.0.4](https://github.com/LavaMoat/LavaMoat/compare/allow-scripts-v3.0.3...allow-scripts-v3.0.4) (2024-03-26)
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @lavamoat/aa bumped from ^4.1.0 to ^4.2.0
+
 ## [3.0.2](https://github.com/LavaMoat/LavaMoat/compare/allow-scripts-v3.0.1...allow-scripts-v3.0.2) (2024-02-07)
@@ -11,0 +20,0 @@

package.json

 {
   "name": "@lavamoat/allow-scripts",
-  "version": "3.0.3",
+  "version": "3.0.4",
   "description": "A tool for running only the dependency lifecycle hooks specified in an allowlist.",
@@ -38,7 +38,7 @@ "repository": {
     "test": "npm run test:run",
-    "test:prep": "for d in ./test/projects/*/ ; do (cd \"$d\" && ../../../src/cli.js auto --experimental-bins); done",
+    "test:prep": "node test/prepare.js",
     "test:run": "ava"
   },
   "dependencies": {
-    "@lavamoat/aa": "^4.1.0",
+    "@lavamoat/aa": "^4.2.0",
     "@npmcli/run-script": "7.0.4",
@@ -45,0 +45,0 @@ "bin-links": "4.0.3",

src/index.js

 // @ts-check
 
-const { promises: fs } = require('fs')
-const path = require('path')
+const { promises: fs } = require('node:fs')
+const path = require('node:path')
 const npmRunScript = require('@npmcli/run-script')
@@ -6,0 +6,0 @@ const normalizeBin = require('npm-normalize-package-bin')

src/linker.js

@@ -10,3 +10,3 @@ // @ts-check
 
-const { dirname, resolve, relative } = require('path')
+const { dirname, resolve, relative } = require('node:path')
 
@@ -13,0 +13,0 @@ /**

src/setup.js

@@ -6,5 +6,5 @@ const {
   writeFileSync,
-} = require('fs')
-const { spawnSync } = require('child_process')
-const path = require('path')
+} = require('node:fs')
+const { spawnSync } = require('node:child_process')
+const path = require('node:path')
 const { FEATURE } = require('./toggles')
@@ -11,0 +11,0 @@

src/whichbin.js

@@ -5,3 +5,3 @@ #!/usr/bin/env node
 // @ts-check
-const path = require('path')
+const path = require('node:path')
 const { getOptionsForBin } = require('./index.js')
@@ -8,0 +8,0 @@ const { FEATURE } = require('./toggles.js')

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

45785

increased by0.46%

Number of low supply chain risk alerts

3

decreased by-40%

Number of medium supply chain risk alerts

0

decreased by-100%

Dependency changes

• Updated@lavamoat/aa@^4.2.0