@toptal/davinci-monorepo - npm Package Compare versions

Comparing version 6.4.1-alpha-FX-1981-add-circularity-checker.1238 to 6.4.1-alpha-allow-publishing-non-monorepo.1265

package.json

 {
   "name": "@toptal/davinci-monorepo",
-  "version": "6.4.1-alpha-FX-1981-add-circularity-checker.1238+83479e9",
+  "version": "6.4.1-alpha-allow-publishing-non-monorepo.1265+428176f",
   "description": "Monorepo utility tools",
@@ -31,5 +31,6 @@ "publishConfig": {
   "dependencies": {
-    "@toptal/davinci-cli-shared": "1.3.5-alpha-FX-1981-add-circularity-checker.1238+83479e9"
+    "@toptal/davinci-cli-shared": "1.3.5-alpha-allow-publishing-non-monorepo.1265+428176f",
+    "glob": "^7.1.7"
   },
-  "gitHead": "83479e90fa9fda7261a26d9f0c61b45e776eaa04"
+  "gitHead": "428176ff193a627caeb5974c4177510a95f662e4"
 }

src/utils/get-workspaces.js

@@ -0,1 +1,2 @@
+const fs = require('fs')
 const path = require('path')
@@ -9,7 +10,15 @@ const glob = require('glob')
   return pkgJson.workspaces.flatMap(pattern =>
-    glob.sync(pattern).map(workspace => {
-      const workspacePath = path.join(root, workspace)
+    glob
+      .sync(pattern)
+      .map(workspace => {
+        const workspacePath = path.join(root, workspace)
+        const packageJsonPath = path.join(workspacePath, 'package.json')
 
-      return require(path.join(workspacePath, 'package.json'))
-    })
+        if (fs.existsSync(packageJsonPath)) {
+          return require(path.join(workspacePath, 'package.json'))
+        }
+
+        return false
+      })
+      .filter(Boolean)
   )
@@ -16,0 +25,0 @@ }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

4928

increased by5.1%

Lines of code

102

increased by8.51%

Worsened metrics

Dependency count

2

increased by100%

Number of low supply chain risk alerts

3

increased by50%

Dependency changes

• + Addedglob@^7.1.7

• + Addedbalanced-match@1.0.2(transitive)

• + Addedbrace-expansion@1.1.11(transitive)

• + Addedconcat-map@0.0.1(transitive)

• + Addedfs.realpath@1.0.0(transitive)

• + Addedglob@7.2.3(transitive)

• + Addedinflight@1.0.6(transitive)

• + Addedinherits@2.0.4(transitive)

• + Addedminimatch@3.1.2(transitive)

• + Addedonce@1.4.0(transitive)

• + Addedpath-is-absolute@1.0.1(transitive)

• + Addedwrappy@1.0.2(transitive)

• Updated@toptal/davinci-cli-shared@1.3.5-alpha-allow-publishing-non-monorepo.1265+428176f