@talend/babel-plugin-import-from-index - npm Package Compare versions

Comparing version 1.4.7 to 1.5.0

package.json

 {
   "name": "@talend/babel-plugin-import-from-index",
-  "version": "1.4.7",
+  "version": "1.5.0",
   "description": "Transform default imports from specific path to named import from index",
@@ -19,5 +19,8 @@ "main": "src/index.js",
   },
+  "dependencies": {
+    "semver": "^7.3.5"
+  },
   "devDependencies": {
-    "@babel/core": "^7.10.2",
-    "@babel/preset-env": "^7.10.2",
+    "@babel/core": "^7.13.1",
+    "@babel/preset-env": "^7.13.5",
     "babel-jest": "^26.0.1",
@@ -24,0 +27,0 @@ "babel-plugin-tester": "^9.2.0",

src/index.js

@@ -1,24 +0,25 @@
-const PACKAGES = [
-	'@talend/react-components',
-	'@talend/react-containers',
-	'lodash',
-	'react-bootstrap',
-	'redux-saga',
-];
+const dirname = require('path').dirname;
+const fs = require('fs');
+const semver = require('semver');
+const rules = require('./rules.json');
 
-const hasLib = {
-	lodash: false,
-	'react-bootstrap': true,
-	'@talend/react-components': true,
-	'@talend/react-containers': true,
-	'redux-saga': false,
-};
+const PACKAGES = Object.keys(rules);
 
-const hasNamedSubSupport = {
-	lodash: false,
-	'react-bootstrap': false,
-	'@talend/react-components': false,
-	'@talend/react-containers': false,
-	'redux-saga': true,
-};
+function getPackageVersion(packageName) {
+	let currentPath = require.resolve(packageName);
+	let pjson;
+	while(!pjson) {
+		const pjsonPath = `${currentPath}/package.json`;
+		if (fs.existsSync(pjsonPath)) {
+			pjson = pjsonPath;
+		} else {
+			currentPath = dirname(currentPath);
+		}
+	}
+	try {
+		return require(pjson).version;
+	} catch(error) {
+		console.error(`${packageName} NOT FOUND`, error);
+	}
+}
 
@@ -28,3 +29,3 @@ function find(importDeclarationPath) {
 	const found = PACKAGES.find(p => path === p || path.startsWith(`${p}/`));
-	if (found && hasLib[found]) {
+	if (found && rules[found].lib) {
 		if (path.replace(found, '').split('/').length > 3) {
@@ -38,2 +39,12 @@ console.error(`ERROR: import too deep: ${path}`);
 	}
+	if (found && rules[found]?.version) {
+		const version = getPackageVersion(found);
+		if (!version) {
+			// unittest ?
+			return found;
+		}
+		if (!semver.satisfies(version, rules[found].version)) {
+			return undefined;
+		}
+	}
 	return found;
@@ -84,3 +95,3 @@ }
 										const lastName = getLastNameInPath(importDeclarationPath.node.source.value);
-										if (type === 'ImportDefaultSpecifier' && hasNamedSubSupport[packageName]) {
+										if (type === 'ImportDefaultSpecifier' && rules[packageName].named) {
 											return types.importDefaultSpecifier(types.identifier(localName));
@@ -95,3 +106,3 @@ }
 											importedName = imported.name;
-											if (hasNamedSubSupport[packageName] && lastName) {
+											if (rules[packageName].named && lastName) {
 												let mustBeAdded = false;
@@ -98,0 +109,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

11369

increased by9.07%

Number of package files

6

increased by50%

Lines of code

304

increased by12.18%

Worsened metrics

Dependency count

1

increased byInfinity%

Number of low supply chain risk alerts

3

increased byInfinity%

Dependency changes

• + Addedsemver@^7.3.5

• + Addedsemver@7.6.3(transitive)