@lingui/conf - npm Package Compare versions

Comparing version 3.8.3 to 3.8.4

index.js

@@ -30,4 +30,2 @@ "use strict";
 
-var _lodash = _interopRequireDefault(require("lodash.get"));
-
 function ownKeys(object, enumerableOnly) { var keys = Object.keys(object); if (Object.getOwnPropertySymbols) { var symbols = Object.getOwnPropertySymbols(object); if (enumerableOnly) symbols = symbols.filter(function (sym) { return Object.getOwnPropertyDescriptor(object, sym).enumerable; }); keys.push.apply(keys, symbols); } return keys; }
@@ -451,19 +449,20 @@
   };
-}; // copied from @EndemolShineGroup/cosmiconfig-typescript-loader
-// to support sync operations
-// if this PR gets merged and published, this piece of code can be thrown away
-// https://github.com/EndemolShineGroup/cosmiconfig-typescript-loader/pull/132
+};
+/** Typescript loader using just typescript API and eval(), instead of using ts-node/register which is slower */
 
 
 function TypeScriptLoader(filePath) {
-  try {
-    require("ts-node/register");
+  var tsc = require("typescript");
 
-    var result = require(filePath);
+  var fileContent = _fs.default.readFileSync(filePath, "utf-8");
 
-    return (0, _lodash.default)(result, "default", result);
-  } catch (error) {
-    // Replace with logger class OR throw a more specific error
-    throw require("@endemolshinegroup/cosmiconfig-typescript-loader/dist/Errors/TypeScriptCompileError").fromError(error);
-  }
+  var _tsc$transpileModule = tsc.transpileModule(fileContent, {
+    compilerOptions: {
+      module: tsc.ModuleKind.CommonJS
+    }
+  }),
+      outputText = _tsc$transpileModule.outputText;
+
+  var configFileParsed = eval(outputText);
+  return configFileParsed;
 }

package.json

 {
   "name": "@lingui/conf",
-  "version": "3.8.3",
+  "version": "3.8.4",
   "description": "Get lingui configuration from package.json",
@@ -5,0 +5,0 @@ "keywords": [

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Improved metrics

Number of low supply chain risk alerts

2

decreased by-33.33%

Worsened metrics

Total package byte prevSize

21511

decreased by-0.87%

Lines of code

523

decreased by-0.19%

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes