@shopify/react-async - npm Package Compare versions

Comparing version 1.2.1 to 1.2.2

CHANGELOG.md

@@ -10,2 +10,8 @@ # Changelog
 
+## 1.2.2 - 2019-02-27
+
+### Fixed
+
+- The library now performs a more exhaustive obfuscation of `require` to reliably fool Webpack ([#537](https://github.com/Shopify/quilt/pull/537))
+
 ## 1.2.1 - 2019-02-26
@@ -12,0 +18,0 @@

dist/Async.js

@@ -93,3 +93,17 @@ "use strict";
 // is not the module bundler.
-var nodeRequire = typeof require === 'function' ? require : undefined;
+//
+// If we ever reference `require` directly, Webpack complains. So, we first
+// check global["require"], which works in Node. However, this doesn’t work
+// in Jest when the test is set to simulate a browser, as global in that case
+// in a Window object. There, we can only rely on module.require, which is
+// actually supposed to be something different but in Jest is the same as
+// the global require function.
+var requireKey = 'require';
+var nodeRequire = (typeof global === 'object' &&
+    typeof global[requireKey] === 'function' &&
+    global[requireKey]) ||
+    (typeof module === 'object' &&
+        typeof module[requireKey] === 'function' &&
+        module[requireKey]) ||
+    undefined;
 // If we have an ID, we try to first use Webpack’s internal stuff
@@ -96,0 +110,0 @@ // to resolve the module. If those don’t exist, we know we aren’t

package.json

 {
   "name": "@shopify/react-async",
-  "version": "1.2.1",
+  "version": "1.2.2",
   "license": "MIT",
@@ -5,0 +5,0 @@ "description": "Tools for creating powerful, asynchronously-loaded React components.",

Fixed alerts

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

40945

increased by2.02%

Lines of code

628

increased by2.28%

Number of low supply chain risk alerts

0

decreased by-100%

No dependency changes