New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@yao-pkg/pkg

Package Overview
Dependencies
Maintainers
0
Versions
26
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@yao-pkg/pkg - npm Package Compare versions

Comparing version 5.15.0 to 5.16.0

lib-es5/colors.js

6

lib-es5/chmod.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.plusx = void 0;
const fs_extra_1 = require("fs-extra");
const promises_1 = require("fs/promises");
async function plusx(file) {
const s = await (0, fs_extra_1.stat)(file);
const s = await (0, promises_1.stat)(file);
const newMode = s.mode | 64 | 8 | 1;

@@ -12,5 +12,5 @@ if (s.mode === newMode) {

const base8 = newMode.toString(8).slice(-3);
await (0, fs_extra_1.chmod)(file, base8);
await (0, promises_1.chmod)(file, base8);
}
exports.plusx = plusx;
//# sourceMappingURL=chmod.js.map

47

lib-es5/help.js
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const chalk_1 = __importDefault(require("chalk"));
const colors_1 = require("./colors");
function help() {
// eslint-disable-next-line no-console
console.log(`
${chalk_1.default.bold('pkg')} [options] <input>
${colors_1.pc.bold('pkg')} [options] <input>
${chalk_1.default.dim('Options:')}
${colors_1.pc.dim('Options:')}

@@ -30,22 +27,22 @@ -h, --help output usage information

${chalk_1.default.dim('Examples:')}
${colors_1.pc.dim('Examples:')}
${chalk_1.default.gray('–')} Makes executables for Linux, macOS and Windows
${chalk_1.default.cyan('$ pkg index.js')}
${chalk_1.default.gray('–')} Takes package.json from cwd and follows 'bin' entry
${chalk_1.default.cyan('$ pkg .')}
${chalk_1.default.gray('–')} Makes executable for particular target machine
${chalk_1.default.cyan('$ pkg -t node14-win-arm64 index.js')}
${chalk_1.default.gray('–')} Makes executables for target machines of your choice
${chalk_1.default.cyan('$ pkg -t node16-linux,node18-linux,node18-win index.js')}
${chalk_1.default.gray('–')} Bakes '--expose-gc' and '--max-heap-size=34' into executable
${chalk_1.default.cyan('$ pkg --options "expose-gc,max-heap-size=34" index.js')}
${chalk_1.default.gray('–')} Consider packageA and packageB to be public
${chalk_1.default.cyan('$ pkg --public-packages "packageA,packageB" index.js')}
${chalk_1.default.gray('–')} Consider all packages to be public
${chalk_1.default.cyan('$ pkg --public-packages "*" index.js')}
${chalk_1.default.gray('–')} Bakes '--expose-gc' into executable
${chalk_1.default.cyan('$ pkg --options expose-gc index.js')}
${chalk_1.default.gray('–')} reduce size of the data packed inside the executable with GZip
${chalk_1.default.cyan('$ pkg --compress GZip index.js')}
${colors_1.pc.gray('–')} Makes executables for Linux, macOS and Windows
${colors_1.pc.cyan('$ pkg index.js')}
${colors_1.pc.gray('–')} Takes package.json from cwd and follows 'bin' entry
${colors_1.pc.cyan('$ pkg .')}
${colors_1.pc.gray('–')} Makes executable for particular target machine
${colors_1.pc.cyan('$ pkg -t node14-win-arm64 index.js')}
${colors_1.pc.gray('–')} Makes executables for target machines of your choice
${colors_1.pc.cyan('$ pkg -t node16-linux,node18-linux,node18-win index.js')}
${colors_1.pc.gray('–')} Bakes '--expose-gc' and '--max-heap-size=34' into executable
${colors_1.pc.cyan('$ pkg --options "expose-gc,max-heap-size=34" index.js')}
${colors_1.pc.gray('–')} Consider packageA and packageB to be public
${colors_1.pc.cyan('$ pkg --public-packages "packageA,packageB" index.js')}
${colors_1.pc.gray('–')} Consider all packages to be public
${colors_1.pc.cyan('$ pkg --public-packages "*" index.js')}
${colors_1.pc.gray('–')} Bakes '--expose-gc' into executable
${colors_1.pc.cyan('$ pkg --options expose-gc index.js')}
${colors_1.pc.gray('–')} reduce size of the data packed inside the executable with GZip
${colors_1.pc.cyan('$ pkg --compress GZip index.js')}
`);

@@ -52,0 +49,0 @@ }

33

lib-es5/index.js

@@ -9,3 +9,4 @@ "use strict";

const assert_1 = __importDefault(require("assert"));
const fs_extra_1 = require("fs-extra");
const fs_1 = require("fs");
const promises_1 = require("fs/promises");
const minimist_1 = __importDefault(require("minimist"));

@@ -26,3 +27,3 @@ const pkg_fetch_1 = require("@yao-pkg/pkg-fetch");

const options_1 = __importDefault(require("./options"));
const { version } = JSON.parse((0, fs_extra_1.readFileSync)(path_1.default.join(__dirname, '../package.json'), 'utf-8'));
const { version } = JSON.parse((0, fs_1.readFileSync)(path_1.default.join(__dirname, '../package.json'), 'utf-8'));
function isConfiguration(file) {

@@ -235,8 +236,8 @@ return (0, common_1.isPackageJson)(file) || file.endsWith('.config.json');

let input = path_1.default.resolve(argv._[0]);
if (!(0, fs_extra_1.existsSync)(input)) {
if (!(0, fs_1.existsSync)(input)) {
throw (0, log_1.wasReported)('Input file does not exist', [input]);
}
if ((await (0, fs_extra_1.stat)(input)).isDirectory()) {
if ((await (0, promises_1.stat)(input)).isDirectory()) {
input = path_1.default.join(input, 'package.json');
if (!(0, fs_extra_1.existsSync)(input)) {
if (!(0, fs_1.existsSync)(input)) {
throw (0, log_1.wasReported)('Input file does not exist', [input]);

@@ -249,3 +250,3 @@ }

if (isConfiguration(input)) {
inputJson = JSON.parse(await (0, fs_extra_1.readFile)(input, 'utf-8'));
inputJson = JSON.parse(await (0, promises_1.readFile)(input, 'utf-8'));
inputJsonName = inputJson.name;

@@ -270,3 +271,3 @@ if (inputJsonName) {

inputBin = path_1.default.resolve(path_1.default.dirname(input), bin);
if (!(0, fs_extra_1.existsSync)(inputBin)) {
if (!(0, fs_1.existsSync)(inputBin)) {
throw (0, log_1.wasReported)('Bin file does not exist (taken from package.json ' +

@@ -291,3 +292,3 @@ "'bin' property)", [inputBin]);

config = path_1.default.resolve(config);
if (!(0, fs_extra_1.existsSync)(config)) {
if (!(0, fs_1.existsSync)(config)) {
throw (0, log_1.wasReported)('Config file does not exist', [config]);

@@ -427,4 +428,4 @@ }

const signedBinaryPath = `${f.binaryPath}-signed`;
await (0, fs_extra_1.remove)(signedBinaryPath);
(0, fs_extra_1.copyFileSync)(f.binaryPath, signedBinaryPath);
await (0, promises_1.rm)(signedBinaryPath, { recursive: true, force: true });
(0, fs_1.copyFileSync)(f.binaryPath, signedBinaryPath);
try {

@@ -499,5 +500,5 @@ (0, mach_o_1.signMachOExecutable)(signedBinaryPath);

for (const target of targets) {
if (target.output && (0, fs_extra_1.existsSync)(target.output)) {
if ((await (0, fs_extra_1.stat)(target.output)).isFile()) {
await (0, fs_extra_1.remove)(target.output);
if (target.output && (0, fs_1.existsSync)(target.output)) {
if ((await (0, promises_1.stat)(target.output)).isFile()) {
await (0, promises_1.rm)(target.output, { recursive: true, force: true });
}

@@ -511,3 +512,3 @@ else {

else if (target.output) {
await (0, fs_extra_1.mkdirp)(path_1.default.dirname(target.output));
await (0, promises_1.mkdir)(path_1.default.dirname(target.output), { recursive: true });
}

@@ -526,4 +527,4 @@ await (0, producer_1.default)({

// patch executable to allow code signing
const buf = (0, mach_o_1.patchMachOExecutable)((0, fs_extra_1.readFileSync)(target.output));
(0, fs_extra_1.writeFileSync)(target.output, buf);
const buf = (0, mach_o_1.patchMachOExecutable)((0, fs_1.readFileSync)(target.output));
(0, fs_1.writeFileSync)(target.output, buf);
try {

@@ -530,0 +531,0 @@ // sign executable ad-hoc to workaround the new mandatory signing requirement

12

lib-es5/packer.js

@@ -8,12 +8,10 @@ "use strict";

const assert_1 = __importDefault(require("assert"));
const fs_extra_1 = __importDefault(require("fs-extra"));
const fs_1 = require("fs");
const path_1 = __importDefault(require("path"));
const common_1 = require("./common");
const log_1 = require("./log");
const { version } = JSON.parse(fs_extra_1.default.readFileSync(path_1.default.join(__dirname, '../package.json'), 'utf-8'));
const bootstrapText = fs_extra_1.default
.readFileSync(require.resolve('../prelude/bootstrap.js'), 'utf8')
.replace('%VERSION%', version);
const commonText = fs_extra_1.default.readFileSync(require.resolve('./common'), 'utf8');
const diagnosticText = fs_extra_1.default.readFileSync(require.resolve('../prelude/diagnostic.js'), 'utf8');
const { version } = JSON.parse((0, fs_1.readFileSync)(path_1.default.join(__dirname, '../package.json'), 'utf-8'));
const bootstrapText = (0, fs_1.readFileSync)(require.resolve('../prelude/bootstrap.js'), 'utf8').replace('%VERSION%', version);
const commonText = (0, fs_1.readFileSync)(require.resolve('./common'), 'utf8');
const diagnosticText = (0, fs_1.readFileSync)(require.resolve('../prelude/diagnostic.js'), 'utf8');
function itemsToText(items) {

@@ -20,0 +18,0 @@ const len = items.length;

32

lib-es5/producer.js

@@ -10,3 +10,3 @@ "use strict";

const child_process_1 = require("child_process");
const fs_extra_1 = __importDefault(require("fs-extra"));
const fs_1 = __importDefault(require("fs"));
const into_stream_1 = __importDefault(require("into-stream"));

@@ -61,3 +61,3 @@ const path_1 = __importDefault(require("path"));

stringValue = Buffer.concat([stringValue, padding]);
fs_extra_1.default.write(fd, stringValue, 0, stringValue.length, position, cb);
fs_1.default.write(fd, stringValue, 0, stringValue.length, position, cb);
}

@@ -117,3 +117,3 @@ function discoverPlaceholders(binaryBuffer) {

dir = path_1.default.dirname(dir);
if (fs_extra_1.default.existsSync(path_1.default.join(dir, 'package.json'))) {
if (fs_1.default.existsSync(path_1.default.join(dir, 'package.json'))) {
break;

@@ -136,3 +136,3 @@ }

const dir = findPackageJson(nodeFile);
const packageJson = JSON.parse(fs_extra_1.default.readFileSync(path_1.default.join(dir, 'package.json'), { encoding: 'utf-8' }));
const packageJson = JSON.parse(fs_1.default.readFileSync(path_1.default.join(dir, 'package.json'), { encoding: 'utf-8' }));
// only try prebuild-install for packages that actually use it or if

@@ -155,8 +155,8 @@ // explicitly configured via environment variables

const nativeFile = `${nodeFile}.${target.platform}.${target.arch}.${nodeVersion}`;
if (fs_extra_1.default.existsSync(nativeFile)) {
if (fs_1.default.existsSync(nativeFile)) {
return nativeFile;
}
// prebuild-install will overwrite the target .node file, so take a backup
if (!fs_extra_1.default.existsSync(`${nodeFile}.bak`)) {
fs_extra_1.default.copyFileSync(nodeFile, `${nodeFile}.bak`);
if (!fs_1.default.existsSync(`${nodeFile}.bak`)) {
fs_1.default.copyFileSync(nodeFile, `${nodeFile}.bak`);
}

@@ -180,5 +180,5 @@ const napiVersions = (_b = packageJson === null || packageJson === void 0 ? void 0 : packageJson.binary) === null || _b === void 0 ? void 0 : _b.napi_versions;

// move the prebuild to a new name with a platform/version extension
fs_extra_1.default.copyFileSync(nodeFile, nativeFile);
fs_1.default.copyFileSync(nodeFile, nativeFile);
// put the backed up file back
fs_extra_1.default.moveSync(`${nodeFile}.bak`, nodeFile, { overwrite: true });
fs_1.default.renameSync(`${nodeFile}.bak`, nodeFile);
return nativeFile;

@@ -278,3 +278,3 @@ }

}
const binaryBuffer = fs_extra_1.default.readFileSync(target.binaryPath);
const binaryBuffer = fs_1.default.readFileSync(target.binaryPath);
const placeholders = discoverPlaceholders(binaryBuffer);

@@ -332,4 +332,4 @@ let track = 0;

const platformFile = nativePrebuildInstall(target, stripe.file);
if (platformFile && fs_extra_1.default.existsSync(platformFile)) {
return cb(null, pipeMayCompressToNewMeter(fs_extra_1.default.createReadStream(platformFile)));
if (platformFile && fs_1.default.existsSync(platformFile)) {
return cb(null, pipeMayCompressToNewMeter(fs_1.default.createReadStream(platformFile)));
}

@@ -341,3 +341,3 @@ }

}
return cb(null, pipeMayCompressToNewMeter(fs_extra_1.default.createReadStream(stripe.file)));
return cb(null, pipeMayCompressToNewMeter(fs_1.default.createReadStream(stripe.file)));
}

@@ -359,3 +359,3 @@ (0, assert_1.default)(false, 'producer: bad stripe');

})
.pipe(fs_extra_1.default.createWriteStream(target.output))
.pipe(fs_1.default.createWriteStream(target.output))
.on('error', (error) => {

@@ -366,3 +366,3 @@ reject(error);

preludeSize = meter.bytes;
fs_extra_1.default.open(target.output, 'r+', (error, fd) => {
fs_1.default.open(target.output, 'r+', (error, fd) => {
if (error)

@@ -379,3 +379,3 @@ return reject(error);

return reject(error2);
fs_extra_1.default.close(fd, (error3) => {
fs_1.default.close(fd, (error3) => {
if (error3)

@@ -382,0 +382,0 @@ return reject(error3);

4

lib-es5/refiner.js

@@ -7,3 +7,3 @@ "use strict";

const path_1 = __importDefault(require("path"));
const chalk_1 = __importDefault(require("chalk"));
const colors_1 = require("./colors");
const common_1 = require("./common");

@@ -38,3 +38,3 @@ const log_1 = require("./log");

delete records[file];
log_1.log.debug(chalk_1.default.cyan('Deleting record file :', file));
log_1.log.debug(colors_1.pc.cyan(`Deleting record file: ${file}`));
found = true;

@@ -41,0 +41,0 @@ }

30

lib-es5/walker.js

@@ -31,9 +31,9 @@ "use strict";

const assert_1 = __importDefault(require("assert"));
const fs_extra_1 = __importDefault(require("fs-extra"));
const globby_1 = __importDefault(require("globby"));
const promises_1 = __importDefault(require("fs/promises"));
const path_1 = __importDefault(require("path"));
const chalk_1 = __importDefault(require("chalk"));
const minimatch_1 = require("minimatch");
const module_1 = require("module");
const picomatch_1 = __importDefault(require("picomatch"));
const tinyglobby_1 = require("tinyglobby");
const common_1 = require("./common");
const colors_1 = require("./colors");
const follow_1 = require("./follow");

@@ -145,3 +145,3 @@ const log_1 = require("./log");

function collect(ps) {
return globby_1.default.sync(ps, { dot: true });
return (0, tinyglobby_1.globSync)(ps, { absolute: true, dot: true });
}

@@ -161,3 +161,3 @@ function expandFiles(efs, base) {

try {
body = await fs_extra_1.default.readFile(record.file);
body = await promises_1.default.readFile(record.file);
}

@@ -353,3 +353,5 @@ catch (error) {

// check if the file matches one of the ignore regex patterns
const match = ignore.some((pattern) => (0, minimatch_1.minimatch)(realFile, pattern));
const match = picomatch_1.default.isMatch(realFile, ignore, {
windows: win32,
});
if (match) {

@@ -379,3 +381,3 @@ log_1.log.debug(`Ignoring file: ${realFile} due to top level config ignore pattern`);

for (const script of scripts) {
const stat = await fs_extra_1.default.stat(script);
const stat = await promises_1.default.stat(script);
if (stat.isFile()) {

@@ -402,3 +404,3 @@ if (!(0, common_1.isDotJS)(script) && !(0, common_1.isDotJSON)(script) && !(0, common_1.isDotNODE)(script)) {

log_1.log.debug(' Adding asset : .... ', asset);
const stat = await fs_extra_1.default.stat(asset);
const stat = await promises_1.default.stat(asset);
if (stat.isFile()) {

@@ -421,3 +423,3 @@ this.appendBlobOrContent({

file = (0, common_1.normalizePath)(file);
const stat = await fs_extra_1.default.stat(file);
const stat = await promises_1.default.stat(file);
if (stat.isFile()) {

@@ -571,3 +573,3 @@ // 1) remove sources of top-level(!) package 'files' i.e. ship as BLOB

try {
stat = await fs_extra_1.default.stat(file);
stat = await promises_1.default.stat(file);
}

@@ -641,3 +643,3 @@ catch (error) {

else {
log_1.log[level](`${chalk_1.default.yellow(failure.message)} in ${record.file}`);
log_1.log[level](`${colors_1.pc.yellow(failure.message)} in ${record.file}`);
}

@@ -778,3 +780,3 @@ return;

try {
const valueStat = await fs_extra_1.default.stat(record.file);
const valueStat = await promises_1.default.stat(record.file);
const value = {

@@ -829,3 +831,3 @@ mode: valueStat.mode,

const dd = path_1.default.join(__dirname, '../dictionary');
const files = await fs_extra_1.default.readdir(dd);
const files = await promises_1.default.readdir(dd);
for (const file of files) {

@@ -832,0 +834,0 @@ if (/\.js$/.test(file)) {

61

package.json
{
"name": "@yao-pkg/pkg",
"version": "5.15.0",
"version": "5.16.0",
"description": "Package your Node.js project into an executable",

@@ -25,43 +25,40 @@ "main": "lib-es5/index.js",

"dependencies": {
"@babel/generator": "7.23.0",
"@babel/parser": "7.23.0",
"@babel/types": "7.23.0",
"@yao-pkg/pkg-fetch": "3.5.13",
"chalk": "^4.1.2",
"fs-extra": "^9.1.0",
"globby": "^11.1.0",
"@babel/generator": "^7.23.0",
"@babel/parser": "^7.23.0",
"@babel/types": "^7.23.0",
"@yao-pkg/pkg-fetch": "3.5.15",
"into-stream": "^6.0.0",
"minimatch": "9.0.4",
"minimist": "^1.2.6",
"multistream": "^4.1.0",
"prebuild-install": "7.1.1",
"picocolors": "^1.1.0",
"picomatch": "^4.0.2",
"prebuild-install": "^7.1.1",
"resolve": "^1.22.0",
"stream-meter": "^1.0.4"
"stream-meter": "^1.0.4",
"tinyglobby": "^0.2.9"
},
"devDependencies": {
"@babel/core": "7.23.0",
"@release-it/conventional-changelog": "7.0.2",
"@types/babel__generator": "7.6.5",
"@types/fs-extra": "9.0.13",
"@types/minimatch": "^5.1.2",
"@types/minimist": "1.2.2",
"@types/multistream": "4.1.0",
"@types/node": "14.18.20",
"@types/resolve": "1.20.2",
"@types/stream-meter": "0.0.22",
"@typescript-eslint/eslint-plugin": "6.7.4",
"@typescript-eslint/parser": "6.7.4",
"eslint": "8.50.0",
"eslint-config-airbnb-base": "15.0.0",
"eslint-config-airbnb-typescript": "17.1.0",
"eslint-config-prettier": "9.0.0",
"eslint-plugin-import": "2.28.1",
"@babel/core": "^7.23.0",
"@release-it/conventional-changelog": "^7.0.2",
"@types/babel__generator": "^7.6.5",
"@types/minimist": "^1.2.2",
"@types/multistream": "^4.1.0",
"@types/node": "^16.18.113",
"@types/picomatch": "^3.0.1",
"@types/resolve": "^1.20.2",
"@types/stream-meter": "^0.0.22",
"@typescript-eslint/eslint-plugin": "^6.7.4",
"@typescript-eslint/parser": "^6.7.4",
"eslint": "^8.50.0",
"eslint-config-airbnb-base": "^15.0.0",
"eslint-config-airbnb-typescript": "^17.1.0",
"eslint-config-prettier": "^9.0.0",
"eslint-plugin-import": "^2.28.1",
"json-stable-stringify": "^1.0.1",
"lint-staged": "^10.5.4",
"mkdirp": "^1.0.4",
"prettier": "3.0.3",
"release-it": "16.2.1",
"prettier": "^3.0.3",
"release-it": "^16.2.1",
"rimraf": "^3.0.2",
"simple-git-hooks": ">=2.8.0",
"typescript": "4.7.2"
"typescript": "^4.7.2"
},

@@ -68,0 +65,0 @@ "scripts": {

40

README.md

@@ -165,3 +165,3 @@ **Disclaimer: `pkg` was created for use within containers and is not intended for use in serverless environments. For those using Vercel, this means that there is no requirement to use `pkg` in your projects as the benefits it provides are not applicable to the platform.**

`scripts` is a [glob](https://github.com/sindresorhus/globby)
`scripts` is a [glob](https://github.com/SuperchupuDev/tinyglobby)
or list of globs. Files specified as `scripts` will be compiled

@@ -174,3 +174,3 @@ using `v8::ScriptCompiler` and placed into executable without

`assets` is a [glob](https://github.com/sindresorhus/globby)
`assets` is a [glob](https://github.com/SuperchupuDev/tinyglobby)
or list of globs. Files specified as `assets` will be packaged

@@ -405,2 +405,10 @@ into executable as raw content without modifications. Javascript

## Use custom Node.js binary
In case you want to use custom node binary, you can set `PKG_NODE_PATH` environment variable to the path of the node binary you want to use and `pkg` will use it instead of the default one.
```bash
PKG_NODE_PATH=/path/to/node pkg app.js
```
## Troubleshooting

@@ -425,2 +433,30 @@

### Error: Cannot execute binaray from snapshot
Binaries must be extracted from snapshot in order to be executed. In order to do this you can use this approach:
```js
const cp = require('child_process');
const fs = require('fs');
const { pipeline } = require('stream/promises');
let ffmpeg = require('@ffmpeg-installer/ffmpeg').path;
const loadPlugin = async () => {
if (process.pkg) {
// copy ffmpeg to the current directory
const file = fs.createWriteStream('ffmpeg');
await pipeline(fs.createReadStream(ffmpeg), file);
fs.chmodSync('ffmpeg', 0o755);
console.log('ffmpeg copied to the current directory');
ffmpeg = './ffmpeg';
}
cp.execSync(ffmpeg);
};
loadPlugin();
```
### Error: ENOENT: no such file or directory, uv_chdir

@@ -427,0 +463,0 @@

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc