@stackaid/stackaid-json-generator - npm Package Compare versions

Comparing version 1.9.1 to 1.9.2-1

dist/cjs/generate.d.ts

 import { DependencyConfig, GraphConfig, PackageJson, StackAidDependency } from './types/index.js';
 export declare const generators: {
     go: ({ owner, repo, filename, sourceDir, }: Omit<DependencyConfig, 'octokit'>) => Promise<StackAidDependency[]>;
-    javascript: ({ octokit, owner, repo, filename, }: DependencyConfig) => Promise<PackageJson>;
+    javascript: ({ octokit, owner, repo, filename, }: DependencyConfig) => Promise<PackageJson | null>;
     graph: ({ octokit, owner, repo, after, }: GraphConfig) => Promise<StackAidDependency[]>;
 };

dist/cjs/generate.js

@@ -46,5 +46,11 @@ "use strict";
 const getJavaScriptDependencies = ({ octokit, owner, repo, filename, }) => __awaiter(void 0, void 0, void 0, function* () {
-    const content = yield (0, queries_js_1.getClient)(octokit).getFileContents(owner, repo, filename);
-    const { dependencies, devDependencies } = JSON.parse(content);
-    return { filename, dependencies, devDependencies };
+    try {
+        const content = yield (0, queries_js_1.getClient)(octokit).getFileContents(owner, repo, filename);
+        const { dependencies, devDependencies } = JSON.parse(content);
+        return { filename, dependencies, devDependencies };
+    }
+    catch (error) {
+        // File may not exist or not be valid JSON
+        return null;
+    }
 });
@@ -51,0 +57,0 @@ const getGoDependencies = ({ owner, repo, filename, sourceDir, }) => __awaiter(void 0, void 0, void 0, function* () {

dist/cjs/index.js

@@ -61,3 +61,5 @@ "use strict";
                 const deps = yield generate.javascript(Object.assign(Object.assign({}, config), { filename }));
-                packageJson.push(deps);
+                if (deps) {
+                    packageJson.push(deps);
+                }
                 break;
@@ -64,0 +66,0 @@ }

dist/esm/generate.d.ts

 import { DependencyConfig, GraphConfig, PackageJson, StackAidDependency } from './types/index.js';
 export declare const generators: {
     go: ({ owner, repo, filename, sourceDir, }: Omit<DependencyConfig, 'octokit'>) => Promise<StackAidDependency[]>;
-    javascript: ({ octokit, owner, repo, filename, }: DependencyConfig) => Promise<PackageJson>;
+    javascript: ({ octokit, owner, repo, filename, }: DependencyConfig) => Promise<PackageJson | null>;
     graph: ({ octokit, owner, repo, after, }: GraphConfig) => Promise<StackAidDependency[]>;
 };

dist/esm/generate.js

@@ -8,5 +8,11 @@ import * as go from './go.js';
 const getJavaScriptDependencies = async ({ octokit, owner, repo, filename, }) => {
-    const content = await getClient(octokit).getFileContents(owner, repo, filename);
-    const { dependencies, devDependencies } = JSON.parse(content);
-    return { filename, dependencies, devDependencies };
+    try {
+        const content = await getClient(octokit).getFileContents(owner, repo, filename);
+        const { dependencies, devDependencies } = JSON.parse(content);
+        return { filename, dependencies, devDependencies };
+    }
+    catch (error) {
+        // File may not exist or not be valid JSON
+        return null;
+    }
 };
@@ -13,0 +19,0 @@ const getGoDependencies = async ({ owner, repo, filename, sourceDir, }) => {

dist/esm/index.js

@@ -25,3 +25,5 @@ import * as core from '@actions/core';
                 const deps = await generate.javascript({ ...config, filename });
-                packageJson.push(deps);
+                if (deps) {
+                    packageJson.push(deps);
+                }
                 break;
@@ -28,0 +30,0 @@ }

package.json

 {
   "name": "@stackaid/stackaid-json-generator",
-  "version": "1.9.1",
+  "version": "1.9.2-1",
   "private": false,
@@ -5,0 +5,0 @@ "description": "Generate a stackaid.json file based on your repository's dependency graph",

New alerts

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

2429688

0.02%

Lines of code

52228

0.03%

Number of medium supply chain risk alerts

2

-33.33%

Worsened metrics

Number of low quality alerts

2

100%

No dependency changes