@vercel/build-utils
Advanced tools
@vercel/build-utils - npm Package Compare versions
Comparing version 5.4.3 to 5.4.4
@@ -18,12 +18,16 @@ "use strict"; | ||
| } | ||
| // the system path is called `Path` on Windows and Node.js will | ||
| // automatically return the system path when accessing `PATH`, | ||
| // however we lose this proxied value when we destructure and | ||
| // thus we must explicitly copy it | ||
| if (hasOwnProperty.call(env, 'PATH') || hasOwnProperty.call(env, 'Path')) { | ||
| obj.PATH = env.PATH; | ||
| // mixin the env first | ||
| obj = Object.assign(obj, env); | ||
| if (hasOwnProperty.call(env, 'Path')) { | ||
| // the system path is called `Path` on Windows and Node.js will | ||
| // automatically return the system path when accessing `PATH`, | ||
| // however we lose this proxied value when we destructure and | ||
| // thus we must explicitly copy it, but we must also remove the | ||
| // `Path` property since we can't have both a `PATH` and `Path` | ||
| obj.PATH = obj.Path; | ||
| delete obj.Path; | ||
| } | ||
| return Object.assign(obj, env); | ||
| return obj; | ||
| }, {}); | ||
| } | ||
| exports.cloneEnv = cloneEnv; |
@@ -307,2 +307,6 @@ "use strict"; | ||
| let commandArgs; | ||
| const isPotentiallyBrokenNpm = cliType === 'npm' && | ||
| nodeVersion?.major === 16 && | ||
| !args.includes('--legacy-peer-deps') && | ||
| spawnOpts?.env?.ENABLE_EXPERIMENTAL_COREPACK !== '1'; | ||
| if (cliType === 'npm') { | ||
@@ -313,5 +317,4 @@ opts.prettyCommand = 'npm install'; | ||
| .concat(['install', '--no-audit', '--unsafe-perm']); | ||
| if (nodeVersion?.major === 16 && | ||
| spawnOpts?.env?.VERCEL_NPM_LEGACY_PEER_DEPS === '1' && | ||
| spawnOpts?.env?.ENABLE_EXPERIMENTAL_COREPACK !== '1') { | ||
| if (isPotentiallyBrokenNpm && | ||
| spawnOpts?.env?.VERCEL_NPM_LEGACY_PEER_DEPS === '1') { | ||
| // Starting in npm@8.6.0, if you ran `npm install --legacy-peer-deps`, | ||
@@ -341,3 +344,15 @@ // and then later ran `npm install`, it would fail. So the only way | ||
| } | ||
| await spawnAsync(cliType, commandArgs, opts); | ||
| try { | ||
| await spawnAsync(cliType, commandArgs, opts); | ||
| } | ||
| catch (_) { | ||
| const potentialErrorPath = path_1.default.join(process.env.HOME || '/', '.npm', 'eresolve-report.txt'); | ||
| if (isPotentiallyBrokenNpm && | ||
| !commandArgs.includes('--legacy-peer-deps') && | ||
| fs_extra_1.default.existsSync(potentialErrorPath)) { | ||
| console.warn('Warning: Retrying "Install Command" with `--legacy-peer-deps` which may accept a potentially broken dependency and slow install time.'); | ||
| commandArgs.push('--legacy-peer-deps'); | ||
| await spawnAsync(cliType, commandArgs, opts); | ||
| } | ||
| } | ||
| debug_1.default(`Install complete [${Date.now() - installTime}ms]`); | ||
@@ -344,0 +359,0 @@ return true; |
| { | ||
| "name": "@vercel/build-utils", | ||
| "version": "5.4.3", | ||
| "version": "5.4.4", | ||
| "license": "MIT", | ||
@@ -50,3 +50,3 @@ "main": "./dist/index.js", | ||
| }, | ||
| "gitHead": "619ca9342156758efdb0db8adaf20e0d4a1493e4" | ||
| "gitHead": "27f4034bdce427953fea094b1c4dfbfb00342b54" | ||
| } |
Sorry, the diff of this file is too big to display
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.13%
1525540
- Lines of code
- increased by0.12%
31348
Worsened metrics
- Number of low supply chain risk alerts
- increased by5.56%
19