@now/node
+33
-18
@@ -12,27 +12,43 @@ "use strict"; | ||
| } | ||
| const path_1 = require("path"); | ||
| const ts_node_1 = require("ts-node"); | ||
| // Use the project's version of TypeScript if available, | ||
| // otherwise fall back to using the copy that `@vercel/node` uses. | ||
| let compiler; | ||
| try { | ||
| compiler = require.resolve('typescript', { | ||
| paths: [process.cwd()], | ||
| }); | ||
| } | ||
| catch (e) { | ||
| compiler = 'typescript'; | ||
| } | ||
| // Assume Node 10 | ||
| let target = 'es2018'; | ||
| const resolveTypescript = (p) => { | ||
| try { | ||
| return require.resolve('typescript', { | ||
| paths: [p], | ||
| }); | ||
| } | ||
| catch (_) { | ||
| return ''; | ||
| } | ||
| }; | ||
| const requireTypescript = (p) => { | ||
| // eslint-disable-next-line @typescript-eslint/no-var-requires | ||
| return require(p); | ||
| }; | ||
| let ts = null; | ||
| // Assume Node 10 as the lowest common denominator | ||
| let target = 'ES2018'; | ||
| const nodeMajor = Number(process.versions.node.split('.')[0]); | ||
| if (nodeMajor >= 14) { | ||
| target = 'es2020'; | ||
| target = 'ES2020'; | ||
| } | ||
| else if (nodeMajor >= 12) { | ||
| target = 'es2019'; | ||
| target = 'ES2019'; | ||
| } | ||
| // Use the project's version of Typescript if available and supports `target` | ||
| let compiler = resolveTypescript(process.cwd()); | ||
| if (compiler) { | ||
| ts = requireTypescript(compiler); | ||
| if (!(target in ts.ScriptTarget)) { | ||
| ts = null; | ||
| } | ||
| } | ||
| // Otherwise fall back to using the copy that `@vercel/node` uses | ||
| if (!ts) { | ||
| compiler = resolveTypescript(path_1.join(__dirname, '..')); | ||
| ts = requireTypescript(compiler); | ||
| } | ||
| if (tsconfig) { | ||
| try { | ||
| // eslint-disable-next-line @typescript-eslint/no-var-requires | ||
| const ts = require(compiler); | ||
| const { config } = ts.readConfigFile(tsconfig, ts.sys.readFile); | ||
@@ -63,3 +79,2 @@ if ((_a = config === null || config === void 0 ? void 0 : config.compilerOptions) === null || _a === void 0 ? void 0 : _a.target) { | ||
| const http_1 = require("http"); | ||
| const path_1 = require("path"); | ||
| const launcher_1 = require("./launcher"); | ||
@@ -66,0 +81,0 @@ function listen(server, port, host) { |
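Review bot: The fallback `compiler = resolveTypescript(path_1.join(__dirname, '..'))` is not checked for the empty string that `resolveTypescript` returns on failure, so a missing bundled copy reaches `require('')` and fails with an unrelated argument error; add `if (!compiler) throw new Error('typescript not found in the project or in the builder');` before the second `requireTypescript(compiler)`. The first `requireTypescript(compiler)` also runs outside any `try`, whereas the earlier `require(compiler)` appears to have sat inside the `try` under `if (tsconfig)`, so a project copy that resolves but throws on load, or that exposes no `ScriptTarget`, now aborts instead of falling back. Because the module resolved from `process.cwd()` is executed inside the builder process, I would also put a comment above `requireTypescript`, for example `// Runs the project's own typescript in this process; it is trusted exactly as far as the project being built.` The enclosing code begins and ends outside the visible hunk.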
+1
-1
| { | ||
| "name": "@now/node", | ||
| "version": "1.8.3", | ||
| "version": "1.8.4-canary.0", | ||
| "license": "MIT", | ||
@@ -5,0 +5,0 @@ "main": "./dist/index", |
Network access
Supply chain risk: This module accesses the network.
Found 1 instance in 1 package
Uses eval
Supply chain risk: Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Dynamic require
Supply chain risk: Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 7 instances in 1 package
Filesystem access
Supply chain risk: Accesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain risk: Contains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
No v1
Quality: Package is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
URL strings
Supply chain risk: Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Network access
Supply chain risk: This module accesses the network.
Found 1 instance in 1 package
Uses eval
Supply chain risk: Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Dynamic require
Supply chain risk: Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 7 instances in 1 package
Filesystem access
Supply chain risk: Accesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain risk: Contains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain risk: Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
3164204
0.01%88873
0.02%1
Infinity%