@tangible/roller - npm Package Compare versions

Comparing version 2.1.2 to 2.1.3

commands/archive.js

@@ -29,2 +29,5 @@ /**
 
+  const args = process.argv.slice(2)
+  const skipConfirm = args.indexOf('-y') >= 0
+
   const { rootDir } = config
@@ -46,3 +49,6 @@ const {
     const childConfigPath = path.join(rootDir, childConfig)
-    const relativeChildRootPath = path.relative(rootDir, path.dirname(childConfigPath))
+    const relativeChildRootPath = path.relative(
+      rootDir,
+      path.dirname(childConfigPath),
+    )
 
@@ -66,3 +72,5 @@ /**
     src.push(...(configJson?.archive?.src ?? []).map(relativeToChildFolder))
-    exclude.push(...(configJson?.archive?.exclude ?? []).map(relativeToChildFolder))
+    exclude.push(
+      ...(configJson?.archive?.exclude ?? []).map(relativeToChildFolder),
+    )
   }
@@ -94,18 +102,20 @@
 
-  function waitKeyPressed() {
-    return new Promise((resolve) => {
-      // const wasRaw = process.stdin.isRaw
-      // process.stdin.setRawMode(true) // Single key press instead of line
-      process.stdin.resume()
-      process.stdin.once('data', (data) => {
-        process.stdin.pause()
-        // process.stdin.setRawMode(wasRaw)
-        resolve(data.toString())
+  if (!skipConfirm) {
+    function waitKeyPressed() {
+      return new Promise((resolve) => {
+        // const wasRaw = process.stdin.isRaw
+        // process.stdin.setRawMode(true) // Single key press instead of line
+        process.stdin.resume()
+        process.stdin.once('data', (data) => {
+          process.stdin.pause()
+          // process.stdin.setRawMode(wasRaw)
+          resolve(data.toString())
+        })
       })
-    })
+    }
+
+    console.log('Press enter to continue, or CTRL + C to stop')
+    await waitKeyPressed()
   }
 
-  console.log('Press enter to continue, or CTRL + C to stop')
-  await waitKeyPressed()
-
   /**
@@ -137,2 +147,4 @@ * https://github.com/fpsqdb/zip-lib
   })
+
+  console.log('Wrote', dest)
 }

package.json

 {
   "name": "@tangible/roller",
   "type": "module",
-  "version": "2.1.2",
+  "version": "2.1.3",
   "description": "Build project assets using Rollup and ESBuild",
@@ -6,0 +6,0 @@ "homepage": "https://github.com/tangibleinc/tangible-roller",

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 3 instances in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 3 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 3 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 3 instances in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 3 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 3 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

211146

0.09%

Lines of code

6001

0.17%

No dependency changes