@lerna/npm-conf
Advanced tools
@lerna/npm-conf - npm Package Compare versions
Comparing version 3.0.0-beta.8 to 3.0.0-beta.12
@@ -6,2 +6,14 @@ # Change Log | ||
| <a name="3.0.0-beta.12"></a> | ||
| # [3.0.0-beta.12](https://github.com/lerna/lerna/compare/v3.0.0-beta.11...v3.0.0-beta.12) (2018-03-30) | ||
| ### Bug Fixes | ||
| * **npm-conf:** Replace env vars even in config keys ([3c9a5de](https://github.com/lerna/lerna/commit/3c9a5de)) | ||
| <a name="3.0.0-beta.8"></a> | ||
@@ -8,0 +20,0 @@ # [3.0.0-beta.8](https://github.com/lerna/lerna/compare/v3.0.0-beta.7...v3.0.0-beta.8) (2018-03-22) |
@@ -7,2 +7,3 @@ "use strict"; | ||
| const { ConfigChain } = require("config-chain"); | ||
| const envReplace = require("./env-replace"); | ||
| const findPrefix = require("./find-prefix"); | ||
@@ -22,6 +23,12 @@ const parseField = require("./parse-field"); | ||
| try { | ||
| /* eslint-disable no-param-reassign */ | ||
| for (const x of Object.keys(data)) { | ||
| // eslint-disable-next-line no-param-reassign | ||
| data[x] = parseField(data[x], x); | ||
| // https://github.com/npm/npm/commit/f0e998d | ||
| const newKey = envReplace(x); | ||
| const newField = parseField(data[x], newKey); | ||
| delete data[x]; | ||
| data[newKey] = newField; | ||
| } | ||
| /* eslint-enable no-param-reassign */ | ||
| } catch (err) { | ||
@@ -28,0 +35,0 @@ throw err; |
| "use strict"; | ||
| const path = require("path"); | ||
| const envReplace = require("./env-replace"); | ||
| const types = require("./types"); | ||
@@ -70,26 +71,1 @@ | ||
| } | ||
| // https://github.com/npm/npm/blob/latest/lib/config/core.js#L409-L423 | ||
| function envReplace(str) { | ||
| if (typeof str !== "string" || !str) { | ||
| return str; | ||
| } | ||
| // Replace any ${ENV} values with the appropriate environment | ||
| const regex = /(\\*)\$\{([^}]+)\}/g; | ||
| return str.replace(regex, (orig, esc, name) => { | ||
| // eslint-disable-next-line no-param-reassign | ||
| esc = esc.length > 0 && esc.length % 2; | ||
| if (esc) { | ||
| return orig; | ||
| } | ||
| if (process.env[name] === undefined) { | ||
| throw new Error(`Failed to replace env in config: ${orig}`); | ||
| } | ||
| return process.env[name]; | ||
| }); | ||
| } |
| { | ||
| "name": "@lerna/npm-conf", | ||
| "version": "3.0.0-beta.8", | ||
| "version": "3.0.0-beta.12", | ||
| "description": "Vendored npm-conf with updates", | ||
@@ -41,3 +41,3 @@ "keywords": [ | ||
| }, | ||
| "gitHead": "f6e9f95e7b0896fbb65db15898596355345edbcd" | ||
| "gitHead": "05dce5c0e4bca8dc894a99ed28337c85c211b37c" | ||
| } |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by2.66%
23014
- Number of package files
- increased by10%
11
- Lines of code
- increased by1.3%
699
- Number of low supply chain risk alerts
- decreased by-8.33%
22