ado-npm-auth - npm Package Compare versions

Comparing version 0.3.1 to 0.3.2

lib/args.d.ts

@@ -5,4 +5,5 @@ export interface Args {
     configFile?: string;
+    azureAuthLocation?: string;
 }
 export declare function parseArgs(args: string[]): Args;
 //# sourceMappingURL=args.d.ts.map

lib/yarnrc/yarnrcFileProvider.d.ts

@@ -8,2 +8,3 @@ import { Feed, FileProvider } from "../fileProvider.js";
     writeWorkspaceRegistries(feedsToPatch: Iterable<Feed>): Promise<void>;
+    writeYarnRc(filePath: string, yarnrc: YarnRc): Promise<void>;
     paseYarnRc(filePath: string): Promise<YarnRc>;
@@ -10,0 +11,0 @@ }

package.json

 {
   "name": "ado-npm-auth",
-  "version": "0.3.1",
+  "version": "0.3.2",
   "description": "The ado-npm-auth package can automatically use the azureauth CLI to fetch tokens and update a user's .npmrc file for authenticating to ADO package feeds.",
@@ -25,4 +25,4 @@ "repository": "https://github.com/microsoft/ado-npm-auth",
     "bundle": "npm run bundleBin && npm run bundleIndex",
-    "bundleBin": "esbuild --sourcemap --bundle --minify --platform=node src/cli.ts --outfile=dist/ado-npm-auth.cjs",
-    "bundleIndex": "esbuild --sourcemap --bundle --minify --platform=node --format=esm src/index.ts --outfile=dist/index.js",
+    "bundleBin": "esbuild --sourcemap=external --bundle --minify --platform=node src/cli.ts --outfile=dist/ado-npm-auth.cjs",
+    "bundleIndex": "esbuild --sourcemap=external --bundle --minify --platform=node --format=esm src/index.ts --outfile=dist/index.js",
     "lint": "prettier --check src/**/*.ts",
@@ -36,3 +36,3 @@ "performance-test": "node lib/tests/performance.test.js",
   "devDependencies": {
-    "@npmcli/config": "^4.0.1",
+    "@npmcli/config": "^10.0.0",
     "@types/js-yaml": "4.0.9",
@@ -39,0 +39,0 @@ "@types/node": "^20.5.9",

New alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 10 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

Improved metrics

Total package byte prevSize

1409023

24.35%

Lines of code

5439

24.04%

Worsened metrics

Number of low supply chain risk alerts

169

14.19%

Number of medium supply chain risk alerts

10

11.11%

No dependency changes