@npmcli/git
Advanced tools
@npmcli/git - npm Package Compare versions
Comparing version 5.0.7 to 5.0.8
@@ -0,7 +1,49 @@ | ||
| const fs = require('node:fs') | ||
| const os = require('node:os') | ||
| const path = require('node:path') | ||
| const ini = require('ini') | ||
| const gitConfigPath = path.join(os.homedir(), '.gitconfig') | ||
| let cachedConfig = null | ||
| // Function to load and cache the git config | ||
| const loadGitConfig = () => { | ||
| if (cachedConfig === null) { | ||
| try { | ||
| cachedConfig = {} | ||
| if (fs.existsSync(gitConfigPath)) { | ||
| const configContent = fs.readFileSync(gitConfigPath, 'utf-8') | ||
| cachedConfig = ini.parse(configContent) | ||
| } | ||
| } catch (error) { | ||
| cachedConfig = {} | ||
| } | ||
| } | ||
| return cachedConfig | ||
| } | ||
| const checkGitConfigs = () => { | ||
| const config = loadGitConfig() | ||
| return { | ||
| sshCommandSetInConfig: config?.core?.sshCommand !== undefined, | ||
| askPassSetInConfig: config?.core?.askpass !== undefined, | ||
| } | ||
| } | ||
| const sshCommandSetInEnv = process.env.GIT_SSH_COMMAND !== undefined | ||
| const askPassSetInEnv = process.env.GIT_ASKPASS !== undefined | ||
| const { sshCommandSetInConfig, askPassSetInConfig } = checkGitConfigs() | ||
| // Values we want to set if they're not already defined by the end user | ||
| // This defaults to accepting new ssh host key fingerprints | ||
| const gitEnv = { | ||
| GIT_ASKPASS: 'echo', | ||
| GIT_SSH_COMMAND: 'ssh -oStrictHostKeyChecking=accept-new', | ||
| const finalGitEnv = { | ||
| ...(askPassSetInEnv || askPassSetInConfig ? {} : { | ||
| GIT_ASKPASS: 'echo', | ||
| }), | ||
| ...(sshCommandSetInEnv || sshCommandSetInConfig ? {} : { | ||
| GIT_SSH_COMMAND: 'ssh -oStrictHostKeyChecking=accept-new', | ||
| }), | ||
| } | ||
| module.exports = (opts = {}) => ({ | ||
@@ -11,3 +53,6 @@ stdioString: true, | ||
| shell: false, | ||
| env: opts.env || { ...gitEnv, ...process.env }, | ||
| env: opts.env || { ...finalGitEnv, ...process.env }, | ||
| }) | ||
| // Export the loadGitConfig function for testing | ||
| module.exports.loadGitConfig = loadGitConfig |
| { | ||
| "name": "@npmcli/git", | ||
| "version": "5.0.7", | ||
| "version": "5.0.8", | ||
| "main": "lib/index.js", | ||
@@ -41,2 +41,3 @@ "files": [ | ||
| "@npmcli/promise-spawn": "^7.0.0", | ||
| "ini": "^4.1.3", | ||
| "lru-cache": "^10.0.1", | ||
@@ -43,0 +44,0 @@ "npm-pick-manifest": "^9.0.0", |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 3 instances in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by5.82%
23042
- Lines of code
- increased by7.91%
505
Worsened metrics
- Dependency count
- increased by12.5%
9
- Number of low supply chain risk alerts
- increased by150%
5
Dependency changes
+ Addedini@^4.1.3
+ Addedini@4.1.3(transitive)