@nightwatch/esbuild-utils - npm Package Compare versions

Comparing version 0.1.7 to 0.1.8

package.json

@@ -6,3 +6,3 @@ {
   },
-  "version": "0.1.7",
+  "version": "0.1.8",
   "description": "",
@@ -9,0 +9,0 @@ "main": "index.js",

src/createCodeRunnerFor.js

 const path = require('path');
+const process = require('process');
 const {Script} = require('vm');
+const {builtinModules} = require('node:module');
 
@@ -12,2 +14,26 @@ const getDefaultExport = function (exported) {
 
+function createRequireShim(relativeModulePath) {
+  function resolveShim(requirePath) {
+    if (path.isAbsolute(requirePath) || builtinModules.includes(requirePath)) {
+      return requirePath;
+    }
+
+    let relativePoint = path.join(process.cwd(), 'node_modules');
+
+    if (requirePath.startsWith('.')) {
+      relativePoint = path.dirname(relativeModulePath);
+    }
+
+    return path.join(relativePoint, requirePath);
+  }
+
+  function requireShim(requirePath) {
+    return require(resolveShim(requirePath));
+  };
+
+  requireShim.resolve = resolveShim;
+
+  return requireShim;
+}
+
 /**
@@ -43,11 +69,11 @@ * Creates a VM instance for running in-memory code in the current global
 
-    new Script(content, {filename: virtualModulePath}).runInThisContext()(contextModule, function (requirePath) {
-      const relativePoint = requirePath.startsWith('.') ? path.dirname(realModulePath) : path.join(process.cwd(), 'node_modules');
-      const absolutePathToModule = path.isAbsolute(requirePath) ? requirePath : path.join(relativePoint, requirePath);
+    new Script(content, {filename: virtualModulePath}).runInThisContext()(
+      contextModule,
+      createRequireShim(realModulePath),
+      realModulePath,
+      path.dirname(realModulePath)
+    );
 
-      return require(absolutePathToModule);
-    }, realModulePath, path.dirname(realModulePath));
-
     return getDefaultExport(contextModule.exports);
   };
 };

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

26996

increased by1.5%

Lines of code

641

increased by3.22%

No dependency changes