@vue/cli-shared-utils - npm Package Compare versions

Comparing version 4.1.2 to 4.2.0

index.js

@@ -9,2 +9,3 @@ [
   'openBrowser',
+  'pkg',
   'pluginResolution',
@@ -11,0 +12,0 @@ 'launch',

lib/env.js

@@ -133,2 +133,17 @@ const { execSync } = require('child_process')
 
+const _npmProjects = new LRU({
+  max: 10,
+  maxAge: 1000
+})
+exports.hasProjectNpm = (cwd) => {
+  if (_npmProjects.has(cwd)) {
+    return true
+  }
+
+  const lockFile = path.join(cwd, 'package-lock.json')
+  const result = fs.existsSync(lockFile)
+  _npmProjects.set(cwd, result)
+  return result
+}
+
 // OS
@@ -135,0 +150,0 @@ exports.isWindows = process.platform === 'win32'

lib/module.js

@@ -0,5 +1,21 @@
+const Module = require('module')
+const path = require('path')
+
 const semver = require('semver')
 
+// https://github.com/benmosher/eslint-plugin-import/pull/1591
+// https://github.com/benmosher/eslint-plugin-import/pull/1602
+// Polyfill Node's `Module.createRequireFromPath` if not present (added in Node v10.12.0)
+// Use `Module.createRequire` if available (added in Node v12.2.0)
+const createRequire = Module.createRequire || Module.createRequireFromPath || function (filename) {
+  const mod = new Module(filename, null)
+  mod.filename = filename
+  mod.paths = Module._nodeModulePaths(path.dirname(filename))
+
+  mod._compile(`module.exports = require;`, filename)
+
+  return mod.exports
+}
+
 function resolveFallback (request, options) {
-  const Module = require('module')
   const isMain = false
@@ -11,7 +27,7 @@ const fakeParent = new Module('', null)
   for (let i = 0; i < options.paths.length; i++) {
-    const path = options.paths[i]
-    fakeParent.paths = Module._nodeModulePaths(path)
+    const p = options.paths[i]
+    fakeParent.paths = Module._nodeModulePaths(p)
     const lookupPaths = Module._resolveLookupPaths(request, fakeParent, true)
 
-    if (!paths.includes(path)) paths.push(path)
+    if (!paths.includes(p)) paths.push(p)
 
@@ -39,5 +55,7 @@ for (let j = 0; j < lookupPaths.length; j++) {
   try {
-    resolvedPath = resolve(request, {
-      paths: [context]
-    })
+    try {
+      resolvedPath = createRequire(path.resolve(context, 'package.json')).resolve(request)
+    } catch (e) {
+      resolvedPath = resolve(request, { paths: [context] })
+    }
   } catch (e) {}
@@ -48,8 +66,17 @@ return resolvedPath
 exports.loadModule = function (request, context, force = false) {
-  const resolvedPath = exports.resolveModule(request, context)
-  if (resolvedPath) {
-    if (force) {
-      clearRequireCache(resolvedPath)
+  // createRequire doesn't work with jest mock modules (which we used in migrator, for inquirer)
+  if (process.env.VUE_CLI_TEST && request.endsWith('migrator')) {
+    return require(request)
+  }
+
+  try {
+    return createRequire(path.resolve(context, 'package.json'))(request)
+  } catch (e) {
+    const resolvedPath = exports.resolveModule(request, context)
+    if (resolvedPath) {
+      if (force) {
+        clearRequireCache(resolvedPath)
+      }
+      return require(resolvedPath)
     }
-    return require(resolvedPath)
   }
@@ -56,0 +83,0 @@ }

lib/openBrowser.js

@@ -98,3 +98,3 @@ /**
   try {
-    var options = { app: browser }
+    var options = { app: browser, url: true }
     open(url, options).catch(() => {}) // Prevent `unhandledRejection` error.
@@ -101,0 +101,0 @@ return true

lib/request.js

 exports.request = {
-  get (uri) {
+  get (uri, opts) {
     // lazy require
@@ -10,3 +10,4 @@ const request = require('request-promise-native')
       json: true,
-      uri
+      uri,
+      ...opts
     }
@@ -13,0 +14,0 @@

package.json

 {
   "name": "@vue/cli-shared-utils",
-  "version": "4.1.2",
+  "version": "4.2.0",
   "description": "shared utilities for vue-cli packages",
@@ -31,2 +31,3 @@ "main": "index.js",
     "ora": "^3.4.0",
+    "read-pkg": "^5.1.1",
     "request": "^2.87.0",
@@ -40,3 +41,3 @@ "request-promise-native": "^1.0.8",
   },
-  "gitHead": "3b7227d54402bc1c21394bd57597e5fbe94e9107"
+  "gitHead": "079a451f18003eabf3eca88107df75b5583024d7"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

27857

increased by6.29%

Number of package files

19

increased by5.56%

Lines of code

839

increased by5.8%

Worsened metrics

Dependency count

13

increased by8.33%

Number of low supply chain risk alerts

18

increased by20%

Dependency changes

• + Addedread-pkg@^5.1.1

• + Added@babel/code-frame@7.25.7(transitive)

• + Added@babel/helper-validator-identifier@7.25.7(transitive)

• + Added@babel/highlight@7.25.7(transitive)

• + Added@types/normalize-package-data@2.4.4(transitive)

• + Addederror-ex@1.3.2(transitive)

• + Addedfunction-bind@1.1.2(transitive)

• + Addedhasown@2.0.2(transitive)

• + Addedhosted-git-info@2.8.9(transitive)

• + Addedis-arrayish@0.2.1(transitive)

• + Addedis-core-module@2.15.1(transitive)

• + Addedjs-tokens@4.0.0(transitive)

• + Addedjson-parse-even-better-errors@2.3.1(transitive)

• + Addedlines-and-columns@1.2.4(transitive)

• + Addednormalize-package-data@2.5.0(transitive)

• + Addedparse-json@5.2.0(transitive)

• + Addedpath-parse@1.0.7(transitive)

• + Addedread-pkg@5.2.0(transitive)

• + Addedresolve@1.22.8(transitive)

• + Addedspdx-correct@3.2.0(transitive)

• + Addedspdx-exceptions@2.5.0(transitive)

• + Addedspdx-expression-parse@3.0.1(transitive)

• + Addedspdx-license-ids@3.0.20(transitive)

• + Addedsupports-preserve-symlinks-flag@1.0.0(transitive)

• + Addedtype-fest@0.6.0(transitive)

• + Addedvalidate-npm-package-license@3.0.4(transitive)