@snyk/fix-pipenv-pipfile - npm Package Compare versions

Comparing version 0.3.5 to 0.4.0

dist/pipenv-install.js

@@ -13,5 +13,10 @@ "use strict";
 function getPythonArgs(config) {
+    const args = [];
     if (config.python) {
-        return ['--python', config.python]; // Performs the installation in a virtualenv using the provided Python interpreter.
+        args.push('--python', config.python); // Performs the installation in a virtualenv using the provided Python interpreter.
     }
+    if (process.env.PIPENV_SKIP_LOCK) {
+        args.push('--skip-lock');
+    }
+    return args;
 }
@@ -26,3 +31,5 @@ async function runPipenvInstall(projectPath, requirements, config) {
     try {
-        res = await sub_process_1.execute('pipenv', args, { cwd: projectPath });
+        res = await sub_process_1.execute('pipenv', args, {
+            cwd: projectPath,
+        });
     }
@@ -29,0 +36,0 @@ catch (e) {

dist/sub-process.js

@@ -9,9 +9,7 @@ "use strict";
 async function execute(command, args, options) {
+    var _a;
     const spawnOptions = {
-        shell: true,
         detached: true,
+        cwd: (_a = options === null || options === void 0 ? void 0 : options.cwd) !== null && _a !== void 0 ? _a : undefined,
     };
-    if (options && options.cwd) {
-        spawnOptions.cwd = options.cwd;
-    }
     const fullCommand = `${command} ${args.join(' ')}`;
@@ -21,11 +19,12 @@ const startTime = Date.now();
     try {
-        const worker = child_process_1.spawn(command, args, options);
+        const worker = child_process_1.spawn(command, args, spawnOptions);
         processId = worker.pid;
         return await new Promise((resolve, reject) => {
+            var _a, _b;
             let stderr = '';
             let stdout = '';
-            worker.stdout.on('data', (data) => {
+            (_a = worker.stdout) === null || _a === void 0 ? void 0 : _a.on('data', (data) => {
                 stdout += data;
             });
-            worker.stderr.on('data', (data) => {
+            (_b = worker.stderr) === null || _b === void 0 ? void 0 : _b.on('data', (data) => {
                 stderr += data;
@@ -32,0 +31,0 @@ });

package.json

 {
   "name": "@snyk/fix-pipenv-pipfile",
   "description": "Snyk python ecosystem fix remediation",
-  "version": "0.3.5",
+  "version": "0.4.0",
   "main": "dist/index.js",
@@ -67,3 +67,3 @@ "scripts": {
   },
-  "gitHead": "70e5ec72505dddcc42a0bc265ac2fa30ebc6a1b6"
+  "gitHead": "17eebf05e9e7d1d791b6dc3af84b225633dcb33c"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

14739

increased by2.84%

Lines of code

215

increased by2.87%

Worsened metrics

Number of low supply chain risk alerts

1

increased byInfinity%

No dependency changes