@scarf/scarf - npm Package Compare versions

Comparing version 0.1.1 to 0.1.2

package.json

 {
   "name": "@scarf/scarf",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "description": "Scarf is like Google Analytics for your npm packages. Gain insights into how your packages are installed and used, and by which companies.",
@@ -5,0 +5,0 @@ "main": "report.js",

README.md

@@ -43,3 +43,3 @@ # scarf-js
 ```json5
-your-package/package.json
+// your-package/package.json
 
@@ -84,2 +84,7 @@ {
 
+### Developing
+
+Setting the environment variable `SCARF_LOCAL_PORT=8080` will configure Scarf to
+use http://localhost:${SCARF_LOCAL_PORT} as the analytics endpoint host.
+
 ### Future work
@@ -86,0 +91,0 @@

report.js

 const path = require('path')
 const os = require('os')
 const exec = require('child_process').exec
-const https = require('https')
+const localDevPort = process.env.SCARF_LOCAL_PORT
+const https = localDevPort ? require('http') : require('https')
 
+const scarfHost = localDevPort ? 'localhost' : 'scarf.sh'
 const scarfLibName = '@scarf/scarf'
-const scarfHost = 'scarf.sh'
 
@@ -42,11 +43,10 @@ const makeDefaultSettings = () => {
 
-    const parentScarfSettings = Object.assign(makeDefaultSettings(), output.scarfSettings || {})
-
     const dependencyInfo = {
       scarf: depsToScarf[depsToScarf.length - 1],
       parent: depsToScarf[depsToScarf.length - 2],
-      parentScarfSettings: parentScarfSettings,
       grandparent: depsToScarf[depsToScarf.length - 3] // might be undefined
     }
 
+    dependencyInfo.parent.scarfSettings = Object.assign(makeDefaultSettings(), dependencyInfo.parent.scarfSettings || {})
+
     return callback(dependencyInfo)
@@ -63,3 +63,3 @@ })
 
-    if (dependencyInfo.parentScarfSettings.defaultOptIn) {
+    if (dependencyInfo.parent.scarfSettings.defaultOptIn) {
       if (userHasOptedOut) {
@@ -114,2 +114,3 @@ return
       host: scarfHost,
+      port: localDevPort,
       method: 'POST',
@@ -149,4 +150,3 @@ path: '/package-event/install',
 //   scarfPackage: {name: `@scarf/scarf`, version: '0.0.1'},
-//   parentPackage: { name: 'scarfed-library', version: '1.0.0' },
-//   parentScarfSettings: { defaultOptIn: true },
+//   parentPackage: { name: 'scarfed-library', version: '1.0.0', scarfSettings: { defaultOptIn: true } },
 //   grandparentPackage: { name: 'scarfed-lib-consumer', version: '1.0.0' }
@@ -167,3 +167,9 @@ // }
       const depName = depNames[i]
-      const newPathToDep = pathToDep.concat([{ name: depName, version: deps[depName].version }])
+      const newPathToDep = pathToDep.concat([
+        {
+          name: depName,
+          version: deps[depName].version,
+          scarfSettings: deps[depName].scarfSettings
+        }
+      ])
       const result = findScarfInSubDepTree(newPathToDep, deps[depName].dependencies)
@@ -183,3 +189,7 @@ if (result) {
   } else {
-    return findScarfInSubDepTree([{ name: tree.name, version: tree.version }], tree.dependencies)
+    return findScarfInSubDepTree([{
+      name: tree.name,
+      version: tree.version,
+      scarfSettings: tree.scarfSettings
+    }], tree.dependencies)
   }
@@ -186,0 +196,0 @@ }

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

10914

increased by4.14%

Lines of code

172

increased by6.17%

Number of lines in readme file

92

increased by5.75%

Worsened metrics

Number of low supply chain risk alerts

7

increased by16.67%

Number of medium supply chain risk alerts

3

increased by50%

No dependency changes