@vercel/build-utils - npm Package Compare versions

Comparing version 13.2.14 to 13.2.15

CHANGELOG.md

 # @vercel/build-utils
 
+## 13.2.15
+
+### Patch Changes
+
+- Optimize `getAvailableNodeVersions` to skip discontinued versions and use non-throwing `statSync` ([#14686](https://github.com/vercel/vercel/pull/14686))
+
 ## 13.2.14
@@ -4,0 +10,0 @@

dist/fs/node-version.js

@@ -114,10 +114,7 @@ "use strict";
 function isNodeVersionAvailable(version) {
-  try {
-    return (0, import_fs.statSync)(`/node${version.major}`).isDirectory();
-  } catch {
-  }
-  return false;
+  const stat = (0, import_fs.statSync)(`/node${version.major}`, { throwIfNoEntry: false });
+  return stat?.isDirectory() ?? false;
 }
 function getAvailableNodeVersions() {
-  return getOptions().filter(isNodeVersionAvailable).map((n) => n.major);
+  return getOptions().filter((v) => v.major >= 18).filter(isNodeVersionAvailable).map((n) => n.major);
 }
@@ -157,3 +154,3 @@ function getHint(isAuto = false, availableVersions) {
         link: "https://vercel.link/node-version",
-        message: `Found invalid Node.js Version: "${engineRange}". ${getHint(
+        message: `Found invalid or discontinued Node.js Version: "${engineRange}". ${getHint(
           isAuto,
@@ -160,0 +157,0 @@ availableVersions

package.json

 {
   "name": "@vercel/build-utils",
-  "version": "13.2.14",
+  "version": "13.2.15",
   "license": "Apache-2.0",
@@ -50,4 +50,4 @@ "main": "./dist/index.js",
     "json5": "2.2.3",
-    "@vercel/routing-utils": "5.3.2",
-    "@vercel/error-utils": "2.0.3"
+    "@vercel/error-utils": "2.0.3",
+    "@vercel/routing-utils": "5.3.2"
   },
@@ -54,0 +54,0 @@ "scripts": {

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 11 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 3 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 11 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 3 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1451601

0.02%

Worsened metrics

Lines of code

33663

-0.02%

No dependency changes