@sourcebug/dpdm
Advanced tools
@sourcebug/dpdm - npm Package Compare versions
Comparing version 1.0.8 to 1.0.9
| { | ||
| "name": "@sourcebug/dpdm", | ||
| "version": "1.0.8", | ||
| "version": "1.0.9", | ||
| "private": false, | ||
@@ -37,3 +37,3 @@ "description": "Analyze circular dependencies in your JavaScript/TypeScript projects.", | ||
| "bin": { | ||
| "dpdm": "target/release/dpdm" | ||
| "dpdm": "scripts/dpdm.js" | ||
| }, | ||
@@ -58,4 +58,3 @@ "sideEffects": [ | ||
| "test": "echo 'Pass'", | ||
| "demo": "tsx ./src/bin/dpdm.ts ./example/index.js", | ||
| "postinstall": "node scripts/dpdm.js" | ||
| "demo": "tsx ./src/bin/dpdm.ts ./example/index.js" | ||
| }, | ||
@@ -62,0 +61,0 @@ "repository": { |
@@ -1,4 +0,4 @@ | ||
| const fs = require('fs'); | ||
| const path = require('path'); | ||
| const os = require('os'); | ||
| const { spawn } = require('child_process'); | ||
@@ -20,17 +20,18 @@ const platform = os.platform(); | ||
| const sourceDir = path.join(__dirname, '../target', keyStore[key], 'release'); | ||
| const sourceFile = path.join(sourceDir, 'dpdm'); | ||
| const targetDir = path.join(__dirname, '../target', 'release'); | ||
| const targetFile = path.join( | ||
| targetDir, | ||
| const binFile = path.join( | ||
| sourceDir, | ||
| platform === 'win32' ? 'dpdm.exe' : 'dpdm', | ||
| ); | ||
| if (!fs.existsSync(targetDir)) { | ||
| fs.mkdirSync(targetDir, { recursive: true }); | ||
| } | ||
| fs.copyFile(sourceFile, targetFile, (err) => { | ||
| if (err) { | ||
| console.error('Copy failed:', err); | ||
| } | ||
| const args = process.argv.slice(2); | ||
| const child = spawn(binFile, args, { stdio: 'inherit' }); | ||
| child.on('close', (code) => { | ||
| process.exit(code); | ||
| }); | ||
| child.on('error', (error) => { | ||
| console.error(`Failed to execute ${binFile}: ${error.message}`); | ||
| process.exit(1); | ||
| }); |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
Native code
Supply chain riskContains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Fixed alerts
Install scripts
Supply chain riskInstall scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by46.99%
38118079
- Number of package files
- increased by1.56%
65
- Number of high supply chain risk alerts
- decreased by-100%
0
- Number of low supply chain risk alerts
- decreased by-5.88%
16
Worsened metrics
- Lines of code
- decreased by-0.04%
2748
- Number of medium supply chain risk alerts
- increased by50%
6