@untool/core - npm Package Compare versions

Comparing version 0.5.0 to 0.7.0

CHANGELOG.md

@@ -6,2 +6,18 @@ # Change Log
 
+<a name="0.7.0"></a>
+# [0.7.0](https://github.com/untool/untool/compare/v0.4.0...v0.7.0) (2018-06-05)
+
+
+### Bug Fixes
+
+* update dependency cosmiconfig to v5 ([dc20aaf](https://github.com/untool/untool/commit/dc20aaf))
+
+
+### Features
+
+* **core:** make "UNTOOL" in UNTOOL_ENV configurable through UNTOOL_NSP ([20ecfbf](https://github.com/untool/untool/commit/20ecfbf))
+
+
+
+
 <a name="0.5.0"></a>
@@ -8,0 +24,0 @@ # [0.5.0](https://github.com/untool/untool/compare/v0.4.3...v0.5.0) (2018-05-07)

lib/config.js

@@ -45,3 +45,4 @@ const { basename, dirname, join } = require('path');
 const applyEnv = result => {
-  const env = process.env.UNTOOL_ENV || process.env.NODE_ENV;
+  const nsp = process.env.UNTOOL_NSP || 'untool';
+  const env = process.env[nsp.toUpperCase() + '_ENV'] || process.env.NODE_ENV;
   const config = result && result.config;
@@ -48,0 +49,0 @@ return result

package.json

 {
   "name": "@untool/core",
-  "version": "0.5.0",
+  "version": "0.7.0",
   "description": "untool core",
@@ -24,3 +24,3 @@ "main": "lib/core.js",
   "dependencies": {
-    "cosmiconfig": "^5.0.1",
+    "cosmiconfig": "^5.0.5",
     "enhanced-resolve": "^4.0.0",
@@ -31,3 +31,3 @@ "find-up": "^2.1.0",
     "lodash.mergewith": "^4.6.1",
-    "mixinable": "^2.0.0"
+    "mixinable": "^3.0.0"
   },
@@ -34,0 +34,0 @@ "engines": {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

16124

increased by2.79%

Lines of code

166

increased by0.61%

Worsened metrics

Number of low supply chain risk alerts

6

increased by20%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addedmixinable@3.1.2(transitive)

• - Removedmixinable@2.1.0(transitive)

• Updatedcosmiconfig@^5.0.5

• Updatedmixinable@^3.0.0