@platformatic/foundation - npm Package Compare versions

Comparing version 3.19.0 to 3.20.0

lib/configuration.js

@@ -343,3 +343,3 @@ import toml from '@iarna/toml'
 
-export async function loadEnv (root, ignoreProcessEnv = false, additionalEnv = {}) {
+export async function loadEnv (root, ignoreProcessEnv = false, additionalEnv = {}, customEnvFile = null) {
   if (!isAbsolute(root)) {
@@ -349,25 +349,34 @@ root = resolve(process.cwd(), root)
 
-  let currentPath = root
-  const rootPath = parse(root).root
+  let envFile = customEnvFile
 
-  // Search for the .env file in the current directory and its parents
-  let envFile
-  while (currentPath !== rootPath) {
-    const candidate = resolve(currentPath, '.env')
-
-    if (await isFileAccessible(candidate)) {
-      envFile = candidate
-      break
+  // If a custom env file is provided, resolve it and check if it exists
+  if (customEnvFile) {
+    envFile = isAbsolute(customEnvFile) ? customEnvFile : resolve(root, customEnvFile)
+    if (!(await isFileAccessible(envFile))) {
+      throw new Error(`Custom env file not found: ${envFile}`)
     }
+  } else {
+    // Default behavior: search for .env file in the current directory and its parents
+    let currentPath = root
+    const rootPath = parse(root).root
 
-    currentPath = dirname(currentPath)
-  }
+    while (currentPath !== rootPath) {
+      const candidate = resolve(currentPath, '.env')
 
-  // If not found, check the current working directory
-  if (!envFile) {
-    const cwdCandidate = resolve(process.cwd(), '.env')
+      if (await isFileAccessible(candidate)) {
+        envFile = candidate
+        break
+      }
 
-    if (await isFileAccessible(cwdCandidate)) {
-      envFile = cwdCandidate
+      currentPath = dirname(currentPath)
     }
+
+    // If not found, check the current working directory
+    if (!envFile) {
+      const cwdCandidate = resolve(process.cwd(), '.env')
+
+      if (await isFileAccessible(cwdCandidate)) {
+        envFile = cwdCandidate
+      }
+    }
   }
@@ -451,3 +460,4 @@
     logger,
-    skipMetadata
+    skipMetadata,
+    envFile: customEnvFile
   } = {
@@ -479,3 +489,3 @@ validate: !!schema,
 
-  const env = await loadEnv(root, ignoreProcessEnv, additionalEnv)
+  const env = await loadEnv(root, ignoreProcessEnv, additionalEnv, customEnvFile)
   env.PLT_ROOT = root
@@ -482,0 +492,0 @@

lib/schema.js

@@ -602,4 +602,5 @@ export function overridableValue (spec, defaultValue) {
     maxHeapUsed: overridableValue({ type: 'number', minimum: 0, maximum: 1 }, 0.99),
-    maxHeapTotal: overridableValue({ type: 'number', minimum: 0 }),
-    maxYoungGeneration: overridableValue({ type: 'number', minimum: 0 })
+    maxHeapTotal: overridableValue({ type: 'number', minimum: 0 }, 4 * Math.pow(1024, 3)), // 4GB
+    maxYoungGeneration: overridableValue({ type: 'number', minimum: 0 }, 128 * Math.pow(1024, 2)), // 128MB,
+    codeRangeSize: overridableValue({ type: 'number', minimum: 0 }, 268435456)
   },
@@ -606,0 +607,0 @@ additionalProperties: false

package.json

 {
   "name": "@platformatic/foundation",
-  "version": "3.19.0",
+  "version": "3.20.0",
   "description": "Platformatic Foundation",
@@ -5,0 +5,0 @@ "main": "index.js",

New alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 3 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 3 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

105535

0.56%

Lines of code

3112

0.32%

No dependency changes