@scarf/scarf
Advanced tools
Comparing version 0.1.1 to 0.1.2
{ | ||
"name": "@scarf/scarf", | ||
"version": "0.1.1", | ||
"version": "0.1.2", | ||
"description": "Scarf is like Google Analytics for your npm packages. Gain insights into how your packages are installed and used, and by which companies.", | ||
@@ -5,0 +5,0 @@ "main": "report.js", |
@@ -43,3 +43,3 @@ # scarf-js | ||
```json5 | ||
your-package/package.json | ||
// your-package/package.json | ||
@@ -84,2 +84,7 @@ { | ||
### Developing | ||
Setting the environment variable `SCARF_LOCAL_PORT=8080` will configure Scarf to | ||
use http://localhost:${SCARF_LOCAL_PORT} as the analytics endpoint host. | ||
### Future work | ||
@@ -86,0 +91,0 @@ |
const path = require('path') | ||
const os = require('os') | ||
const exec = require('child_process').exec | ||
const https = require('https') | ||
const localDevPort = process.env.SCARF_LOCAL_PORT | ||
const https = localDevPort ? require('http') : require('https') | ||
const scarfHost = localDevPort ? 'localhost' : 'scarf.sh' | ||
const scarfLibName = '@scarf/scarf' | ||
const scarfHost = 'scarf.sh' | ||
@@ -42,11 +43,10 @@ const makeDefaultSettings = () => { | ||
const parentScarfSettings = Object.assign(makeDefaultSettings(), output.scarfSettings || {}) | ||
const dependencyInfo = { | ||
scarf: depsToScarf[depsToScarf.length - 1], | ||
parent: depsToScarf[depsToScarf.length - 2], | ||
parentScarfSettings: parentScarfSettings, | ||
grandparent: depsToScarf[depsToScarf.length - 3] // might be undefined | ||
} | ||
dependencyInfo.parent.scarfSettings = Object.assign(makeDefaultSettings(), dependencyInfo.parent.scarfSettings || {}) | ||
return callback(dependencyInfo) | ||
@@ -63,3 +63,3 @@ }) | ||
if (dependencyInfo.parentScarfSettings.defaultOptIn) { | ||
if (dependencyInfo.parent.scarfSettings.defaultOptIn) { | ||
if (userHasOptedOut) { | ||
@@ -114,2 +114,3 @@ return | ||
host: scarfHost, | ||
port: localDevPort, | ||
method: 'POST', | ||
@@ -149,4 +150,3 @@ path: '/package-event/install', | ||
// scarfPackage: {name: `@scarf/scarf`, version: '0.0.1'}, | ||
// parentPackage: { name: 'scarfed-library', version: '1.0.0' }, | ||
// parentScarfSettings: { defaultOptIn: true }, | ||
// parentPackage: { name: 'scarfed-library', version: '1.0.0', scarfSettings: { defaultOptIn: true } }, | ||
// grandparentPackage: { name: 'scarfed-lib-consumer', version: '1.0.0' } | ||
@@ -167,3 +167,9 @@ // } | ||
const depName = depNames[i] | ||
const newPathToDep = pathToDep.concat([{ name: depName, version: deps[depName].version }]) | ||
const newPathToDep = pathToDep.concat([ | ||
{ | ||
name: depName, | ||
version: deps[depName].version, | ||
scarfSettings: deps[depName].scarfSettings | ||
} | ||
]) | ||
const result = findScarfInSubDepTree(newPathToDep, deps[depName].dependencies) | ||
@@ -183,3 +189,7 @@ if (result) { | ||
} else { | ||
return findScarfInSubDepTree([{ name: tree.name, version: tree.version }], tree.dependencies) | ||
return findScarfInSubDepTree([{ | ||
name: tree.name, | ||
version: tree.version, | ||
scarfSettings: tree.scarfSettings | ||
}], tree.dependencies) | ||
} | ||
@@ -186,0 +196,0 @@ } |
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
10914
172
92
7
3