@npmcli/promise-spawn - npm Package Compare versions

Comparing version 1.3.0 to 1.3.1

index.js

@@ -5,2 +5,7 @@ const {spawn} = require('child_process')
 
+const isPipe = (stdio = 'pipe', fd) =>
+  stdio === 'pipe' || stdio === null ? true
+  : Array.isArray(stdio) ? isPipe(stdio[fd], fd)
+  : false
+
 // 'extra' object is for decorating the error a bit more
@@ -24,10 +29,11 @@ const promiseSpawn = (cmd, args, opts, extra = {}) => {
 
-const stdioResult = (stdout, stderr, {stdioString}) =>
+const stdioResult = (stdout, stderr, {stdioString, stdio}) =>
   stdioString ? {
-    stdout: Buffer.concat(stdout).toString(),
-    stderr: Buffer.concat(stderr).toString(),
-  } : {
-    stdout: Buffer.concat(stdout),
-    stderr: Buffer.concat(stderr),
+    stdout: isPipe(stdio, 1) ? Buffer.concat(stdout).toString() : null,
+    stderr: isPipe(stdio, 2) ? Buffer.concat(stderr).toString() : null,
   }
+  : {
+    stdout: isPipe(stdio, 1) ? Buffer.concat(stdout) : null,
+    stderr: isPipe(stdio, 2) ? Buffer.concat(stderr) : null,
+  }
 
@@ -34,0 +40,0 @@ const promiseSpawnUid = (cmd, args, opts, extra) => {

package.json

 {
   "name": "@npmcli/promise-spawn",
-  "version": "1.3.0",
+  "version": "1.3.1",
   "files": [
@@ -5,0 +5,0 @@ "index.js"

README.md

@@ -48,2 +48,7 @@ # @npmcli/promise-spawn
 
+If `stdio` is set to anything other than `'inherit'`, then the result/error
+will be decorated with `stdout` and `stderr` values.  If `stdioString` is
+set to `true`, these will be strings.  Otherwise they will be Buffer
+objects.
+
 Returned promise is decorated with the `stdin` stream if the process is set
@@ -55,3 +60,3 @@ to pipe from `stdin`.  Writing to this stream writes to the `stdin` of the
 
-- `stdioString` Boolean, default `false`.  Return stdio/stderr output as
+- `stdioString` Boolean, default `false`.  Return stdout/stderr output as
   strings rather than buffers.
@@ -58,0 +63,0 @@ - `cwd` String, default `process.cwd()`.  Current working directory for

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

6112

increased by8.64%

Lines of code

73

increased by7.35%

Number of lines in readme file

67

increased by8.06%

Number of medium supply chain risk alerts

1

decreased by-50%

No dependency changes