@node-red/registry
Advanced tools
Comparing version 1.3.5 to 1.3.6
@@ -73,6 +73,9 @@ // This module handles the management of modules required by the runtime and flows. | ||
} | ||
if (BUILTIN_MODULES.indexOf(module) !== -1) { | ||
return require(module); | ||
const parsedModule = parseModuleName(module); | ||
if (BUILTIN_MODULES.indexOf(parsedModule.module) !== -1) { | ||
return require(parsedModule.module); | ||
} | ||
if (!knownExternalModules[module]) { | ||
if (!knownExternalModules[parsedModule.module]) { | ||
const e = new Error("Module not allowed"); | ||
@@ -79,0 +82,0 @@ e.code = "module_not_allowed"; |
{ | ||
"name": "@node-red/registry", | ||
"version": "1.3.5", | ||
"version": "1.3.6", | ||
"license": "Apache-2.0", | ||
@@ -19,7 +19,9 @@ "main": "./lib/index.js", | ||
"dependencies": { | ||
"@node-red/util": "1.3.5", | ||
"@node-red/util": "1.3.6", | ||
"clone": "2.1.2", | ||
"fs-extra": "8.1.0", | ||
"semver": "6.3.0", | ||
"tar": "6.1.0", | ||
"tar": "6.1.2", | ||
"uglify-js": "3.13.3" | ||
} | ||
} |
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
128521
3190
6
+ Addedclone@2.1.2
+ Addedfs-extra@8.1.0
+ Added@node-red/util@1.3.6(transitive)
+ Addedfs-extra@8.1.0(transitive)
+ Addedgraceful-fs@4.2.11(transitive)
+ Addedjsonfile@4.0.0(transitive)
+ Addedtar@6.1.2(transitive)
+ Addeduniversalify@0.1.2(transitive)
- Removed@node-red/util@1.3.5(transitive)
- Removedtar@6.1.0(transitive)
Updated@node-red/util@1.3.6
Updatedtar@6.1.2