amazon-mws-cli - npm Package Compare versions

Comparing version 1.0.0-alpha.2 to 1.0.0-alpha.3

package.json

 {
   "name": "amazon-mws-cli",
-  "version": "1.0.0-alpha.2",
+  "version": "1.0.0-alpha.3",
   "description": "A command-line tool to access the Amazon Marketplace Web Services API",
@@ -5,0 +5,0 @@ "scripts": {

README.md

@@ -15,8 +15,11 @@ # amazon-mws-cli
 
+create mwsconfig.json in your home directory
 ```
-export AWS_ACCESS_KEY_ID="<Your Access Key ID>"
-export AWS_SECRET_ACCESS_KEY="<Your Secret Key>"
-export MERCHANT_ID="<Your Merchant Id>"
-export MARKETPLACE_ID="<Your Marketplace Id>"
-export ENDPOINT="<Your Amazon MWS Endpoint>"
+{
+    "merchantId": "<Your Merchant Id>",
+    "accessKeyId": "<Your AWS Access Key ID>",
+    "secretAccessKey": "<Your AWS Secret Key>",
+    "endpoint": "<Your Marketplace Endpoint>",
+    "marketplaceId": "<Your Default Marketplace Id>"
+}
 ```
@@ -23,0 +26,0 @@

src/getCompetitivePricingForASIN.js

 #!/usr/bin/env node
 
-const {Credentials, Products} = require('shiny-robot')
+const {Products} = require('shiny-robot')
+const getCredentials = require('./shared/getCredentials')
 
-const credentials = new Credentials(
-  process.env.MERCHANT_ID,
-  process.env.AWS_ACCESS_KEY_ID,
-  process.env.AWS_SECRET_ACCESS_KEY,
-  process.env.ENDPOINT,
-  process.env.MARKETPLACE_ID
-)
+const exit = err => {
+  console.warn(err)
+  process.exit(1)
+}
 
-const products = new Products(credentials)
+let profile
 
-products.getCompetitivePricingForASIN(
-  {
-    ASINList: process.argv.slice(2, 22)
-  },
-  function (error, response) {
-    if (error) {
-      console.warn(error)
-      process.exit(1)
-    } else console.log(JSON.stringify(response))
-  })
+getCredentials(profile, (err, credentials) => {
+  if (err) exit(err)
+
+  const products = new Products(credentials)
+
+  products.getCompetitivePricingForASIN(
+    {
+      ASINList: process.argv.slice(2, 22)
+    },
+    (err, response) => {
+      if (err) exit(err)
+
+      console.log(JSON.stringify(response))
+    })
+})

src/getMatchingProductForId.js

 #!/usr/bin/env node
 
-const {Credentials, Products} = require('shiny-robot')
+const {Products} = require('shiny-robot')
+const getCredentials = require('./shared/getCredentials')
 
-const credentials = new Credentials(
-  process.env.MERCHANT_ID,
-  process.env.AWS_ACCESS_KEY_ID,
-  process.env.AWS_SECRET_ACCESS_KEY,
-  process.env.ENDPOINT,
-  process.env.MARKETPLACE_ID
-)
+const exit = err => {
+  console.warn(err)
+  process.exit(1)
+}
 
-const products = new Products(credentials)
+let profile
 
-products.getMatchingProductForId(
-  {
-    IdType: process.argv[2],
-    IdList: process.argv.slice(3, 8)
-  },
-  function (error, response) {
-    if (error) {
-      console.warn(error)
-      process.exit(1)
-    } else console.log(JSON.stringify(response))
-  })
+getCredentials(profile, (err, credentials) => {
+  if (err) exit(err)
+
+  const products = new Products(credentials)
+
+  products.getMatchingProductForId(
+    {
+      IdType: process.argv[2],
+      IdList: process.argv.slice(3, 8)
+    },
+    (err, response) => {
+      if (err) exit(err)
+
+      console.log(JSON.stringify(response))
+    })
+})

New alerts

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 5 instances in 1 package

Improved metrics

Total package byte prevSize

5078

increased by12.52%

Number of package files

7

increased by16.67%

Lines of code

59

increased by43.9%

Number of lines in readme file

37

increased by8.82%

Number of low supply chain risk alerts

1

decreased by-90%

No dependency changes