aegir-bundle - npm Package Compare versions

Comparing version 0.0.1 to 0.1.0

package.json

 {
   "name": "aegir-bundle",
-  "version": "0.0.1",
+  "version": "0.1.0",
   "description": "aegir dev-cli packaged as tiny, minified, single-file bundle",
@@ -5,0 +5,0 @@ "main": "index.js",

src/index.js

@@ -38,5 +38,10 @@ 'use strict'
     const url = 'https://aegir.mkg20001.io/' + version + '/' + fileName
+    let dl
 
     // Success callback wrapper
     const done = () => {
+      if (dl && dl.progress.percentage !== 100) {
+        return reject(new Error('Download interrupted'))
+      }
+
       fs.writeFileSync(binPath + '.ok', '')
@@ -68,3 +73,3 @@ resolve({
 
-    nugget(url, {target: fileName, streamOnly: true}, (err, stream) => {
+    dl = nugget(url, {target: fileName, streamOnly: true}, (err, stream) => {
       if (err) {
@@ -71,0 +76,0 @@ return reject(err[0])

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

Install scripts

Supply chain risk

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

Improved metrics

Number of high supply chain risk alerts

1

decreased by-50%

Number of low supply chain risk alerts

6

decreased by-73.91%

Worsened metrics

Total package byte prevSize

5113

decreased by-76.23%

Number of package files

6

decreased by-57.14%

Lines of code

131

decreased by-71.77%

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes