@vercel/node - npm Package Compare versions

Comparing version 2.3.0 to 2.3.1

dist/dev-server.js

@@ -71,4 +71,5 @@ "use strict";
 const ts_morph_1 = require("ts-morph");
-const ncc_1 = __importDefault(require("@vercel/ncc"));
+const esbuild_1 = __importDefault(require("esbuild"));
 const node_fetch_1 = __importDefault(require("node-fetch"));
+const util_1 = require("util");
 function logError(error) {
@@ -131,6 +132,16 @@ console.error(error.message);
     try {
-        const buildResult = await ncc_1.default(entrypoint, {
-            target: 'es2022',
+        const result = await esbuild_1.default.build({
+            platform: 'node',
+            target: 'node14',
+            sourcemap: 'inline',
+            bundle: true,
+            entryPoints: [entrypoint],
+            write: false,
+            format: 'cjs',
         });
-        const userCode = buildResult.code;
+        const compiledFile = result.outputFiles?.[0];
+        if (!compiledFile) {
+            throw new Error(`Compilation of ${entrypoint} produced no output files.`);
+        }
+        const userCode = new util_1.TextDecoder().decode(compiledFile.contents);
         return `
@@ -183,3 +194,4 @@ ${userCode};
         // So, stick with just the message for now.
-        console.log(`Failed to instantiate edge runtime: ${error.message}`);
+        console.error(`Failed to instantiate edge runtime.`);
+        logError(error);
         return undefined;
@@ -212,3 +224,4 @@ }
         // So, stick with just the message for now.
-        console.log(`Failed to instantiate edge runtime: ${error.message}`);
+        console.error('Failed to instantiate edge runtime.');
+        logError(error);
         return undefined;
@@ -215,0 +228,0 @@ }

package.json

 {
   "name": "@vercel/node",
-  "version": "2.3.0",
+  "version": "2.3.1",
   "license": "MIT",
@@ -35,6 +35,6 @@ "main": "./dist/index",
     "@vercel/build-utils": "4.2.0",
-    "@vercel/ncc": "0.24.0",
     "@vercel/node-bridge": "3.0.0",
     "@vercel/static-config": "2.0.1",
     "edge-runtime": "1.0.1",
+    "esbuild": "0.14.47",
     "exit-hook": "2.2.1",
@@ -56,2 +56,3 @@ "node-fetch": "2.6.1",
     "@types/test-listen": "1.1.0",
+    "@vercel/ncc": "0.24.0",
     "@vercel/nft": "0.19.1",
@@ -65,3 +66,3 @@ "content-type": "1.0.4",
   },
-  "gitHead": "eed39913e1394477b224c38efe29429b17eeada6"
+  "gitHead": "b399fe7037eb3e4c42167ba28e82c9ce0332f7a0"
 }

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 2 instances in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 5 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 2 instances in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 5 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

15351862

0

Lines of code

1867

0.7%

Worsened metrics

Dev dependency count

18

5.88%

Number of low supply chain risk alerts

12

9.09%

Dependency changes

• + Added

  esbuild@0.14.47

• + Added

  esbuild@0.14.47
  (transitive)

• + Added

  esbuild-android-64@0.14.47
  (transitive)

• + Added

  esbuild-android-arm64@0.14.47
  (transitive)

• + Added

  esbuild-darwin-64@0.14.47
  (transitive)

• + Added

  esbuild-darwin-arm64@0.14.47
  (transitive)

• + Added

  esbuild-freebsd-64@0.14.47
  (transitive)

• + Added

  esbuild-freebsd-arm64@0.14.47
  (transitive)

• + Added

  esbuild-linux-32@0.14.47
  (transitive)

• + Added

  esbuild-linux-64@0.14.47
  (transitive)

• + Added

  esbuild-linux-arm@0.14.47
  (transitive)

• + Added

  esbuild-linux-arm64@0.14.47
  (transitive)

• + Added

  esbuild-linux-mips64le@0.14.47
  (transitive)

• + Added

  esbuild-linux-ppc64le@0.14.47
  (transitive)

• + Added

  esbuild-linux-riscv64@0.14.47
  (transitive)

• + Added

  esbuild-linux-s390x@0.14.47
  (transitive)

• + Added

  esbuild-netbsd-64@0.14.47
  (transitive)

• + Added

  esbuild-openbsd-64@0.14.47
  (transitive)

• + Added

  esbuild-sunos-64@0.14.47
  (transitive)

• + Added

  esbuild-windows-32@0.14.47
  (transitive)

• + Added

  esbuild-windows-64@0.14.47
  (transitive)

• + Added

  esbuild-windows-arm64@0.14.47
  (transitive)

• - Removed

  @vercel/ncc@0.24.0

• - Removed

  @vercel/ncc@0.24.0
  (transitive)