about-this-app
Advanced tools
Comparing version 1.1.0 to 1.1.1
10
index.js
@@ -7,3 +7,2 @@ // @flow | ||
| const readPkgUp = require('read-pkg-up'); | ||
| const _ = require('lodash'); | ||
@@ -17,4 +16,11 @@ const { path: packageJson, pkg } = readPkgUp.sync({ | ||
| const has = (obj, path) => { | ||
| // Regex explained: https://regexr.com/58j0k | ||
| const pathArray = Array.isArray(path) ? path : path.match(/([^[.\]])+/g); | ||
| return !!pathArray.reduce((prevObj, key) => prevObj && prevObj[key], obj); | ||
| }; | ||
| const hasFile = (f /*: string */) => fs.existsSync(resolve(f)); | ||
| const hasPkgProp = props => arrify(props).some(prop => _.has(pkg, prop)); | ||
| const hasPkgProp = props => arrify(props).some(prop => has(pkg, prop)); | ||
@@ -21,0 +27,0 @@ const hasPkgSubProp = (pkgProp /*: string */) => (...props /*: string[] */) => |
| { | ||
| "name": "about-this-app", | ||
| "version": "1.1.0", | ||
| "version": "1.1.1", | ||
| "description": "Utility functions to query package.json", | ||
| "author": "Felix Gnass <fgnass@cellular.de>", | ||
| "repository": "fgnass/about-this-app", | ||
| "repository": "cellular/about-this-app", | ||
| "license": "MIT", | ||
@@ -17,3 +17,2 @@ "main": "index.js", | ||
| "arrify": "^1.0.1", | ||
| "lodash": "^4.17.5", | ||
| "read-pkg-up": "^3.0.0" | ||
@@ -23,3 +22,3 @@ }, | ||
| "eslint": "^4.17.0", | ||
| "eslint-config-cellular": "^1.0.0", | ||
| "eslint-config-cellular": "^2.0.1", | ||
| "flow-bin": "^0.65.0", | ||
@@ -26,0 +25,0 @@ "jest": "^22.2.1" |
| # about-this-app | ||
| [](https://travis-ci.org/fgnass/about-this-app) | ||
| [](https://greenkeeper.io/) | ||
| [](https://travis-ci.org/cellular/about-this-app) | ||
| Utility functions to query a project's package.json file. | ||
@@ -6,0 +8,0 @@ |
Sorry, the diff of this file is not supported yet
New alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
No repository
Supply chain riskPackage does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.
Found 1 instance in 1 package
Fixed alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
No repository
Supply chain riskPackage does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by7.77%
4979
- Dependency count
- decreased by-33.33%
2
- Number of package files
- increased by14.29%
8
- Lines of code
- increased by5.06%
83
- Number of lines in readme file
- increased by3.92%
53
Worsened metrics
- Number of low supply chain risk alerts
- increased by33.33%
4
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
- Removedlodash@^4.17.5
- Removedlodash@4.17.21(transitive)