@npmcli/config
Advanced tools
Comparing version 6.2.0 to 6.2.1
@@ -7,2 +7,3 @@ 'use strict' | ||
message += problems.map((problem) => { | ||
// istanbul ignore else | ||
if (problem.action === 'delete') { | ||
@@ -9,0 +10,0 @@ return `\`${problem.key}\` is not allowed in ${problem.where} config` |
@@ -308,7 +308,17 @@ // TODO: set the scope config from package.json or explicit cli config | ||
this.#loadObject({ | ||
const defaultsObject = { | ||
...this.defaults, | ||
prefix: this.globalPrefix, | ||
}, 'default', 'default values') | ||
} | ||
try { | ||
defaultsObject['npm-version'] = require(join(this.npmPath, 'package.json')).version | ||
} catch { | ||
// in some weird state where the passed in npmPath does not have a package.json | ||
// this will never happen in npm, but is guarded here in case this is consumed | ||
// in other ways + tests | ||
} | ||
this.#loadObject(defaultsObject, 'default', 'default values') | ||
const { data } = this.data.get('default') | ||
@@ -450,3 +460,3 @@ | ||
nopt.clean(obj.data, this.types, this.typeDefs) | ||
nopt.clean(obj.data, this.types, typeDefs) | ||
@@ -453,0 +463,0 @@ nopt.invalidHandler = null |
class Umask {} | ||
const parse = val => { | ||
// this is run via nopt and parse field where everything is | ||
// converted to a string first, ignoring coverage for now | ||
// instead of figuring out what is happening under the hood in nopt | ||
// istanbul ignore else | ||
if (typeof val === 'string') { | ||
@@ -11,11 +15,12 @@ if (/^0o?[0-7]+$/.test(val)) { | ||
} | ||
} else { | ||
if (typeof val !== 'number') { | ||
throw new Error(`invalid umask value: ${val}`) | ||
} | ||
val = Math.floor(val) | ||
if (val < 0 || val > 511) { | ||
throw new Error(`invalid umask value: ${val}`) | ||
} | ||
return val | ||
} | ||
if (typeof val !== 'number') { | ||
throw new Error(`invalid umask value: ${val}`) | ||
} | ||
val = Math.floor(val) | ||
if (val < 0 || val > 511) { | ||
throw new Error(`invalid umask value: ${val}`) | ||
} | ||
return val | ||
} | ||
@@ -22,0 +27,0 @@ |
{ | ||
"name": "@npmcli/config", | ||
"version": "6.2.0", | ||
"version": "6.2.1", | ||
"files": [ | ||
@@ -27,4 +27,2 @@ "bin/", | ||
"tap": { | ||
"check-coverage": true, | ||
"coverage-map": "map.js", | ||
"nyc-arg": [ | ||
@@ -37,2 +35,3 @@ "--exclude", | ||
"@npmcli/eslint-config": "^4.0.0", | ||
"@npmcli/mock-globals": "^1.0.0", | ||
"@npmcli/template-oss": "4.14.1", | ||
@@ -43,2 +42,3 @@ "tap": "^16.3.4" | ||
"@npmcli/map-workspaces": "^3.0.2", | ||
"ci-info": "^3.8.0", | ||
"ini": "^4.1.0", | ||
@@ -45,0 +45,0 @@ "nopt": "^7.0.0", |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 14 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
126131
15
3547
8
4
20
1
+ Addedci-info@^3.8.0
+ Addedci-info@3.9.0(transitive)