New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
apt-cli - npm Package Compare versions
@@ -1,2 +0,1 @@ | ||
| import xz from "lzma-native"; | ||
| import { Duplex, PassThrough, Readable, Stream } from "stream"; | ||
@@ -6,8 +5,8 @@ import { ReadableStream } from "stream/web"; | ||
| export declare const createGzipStream: () => import("zlib").Unzip; | ||
| export declare const createBzip2Stream: () => import("through").ThroughStream; | ||
| export declare const createXZStream: () => xz.JSLzmaStream; | ||
| export declare const createBzip2Stream: () => Duplex; | ||
| export declare const createXZStream: () => Duplex; | ||
| export declare const createHashStream: (file: string, type: string, hash: string) => PassThrough; | ||
| export declare const createProgressStream: (file: string, size: number) => PassThrough; | ||
| export declare const streamToBuffer: (stream: Stream) => Promise<Buffer>; | ||
| export declare const createCacheStream: (to: string) => PassThrough; | ||
| export declare const createCacheStream: (to: string, total: number) => PassThrough; | ||
| export declare const toReadableStream: (rs: ReadableStream) => Readable; |
+17
-11
@@ -9,3 +9,3 @@ import { createUnzip } from "zlib"; | ||
| import { formatUnit, multiBar, truncateFilename } from "./progress.js"; | ||
| import { unlink } from "fs/promises"; | ||
| import { rename, unlink } from "fs/promises"; | ||
| const pipelineDuplex = (stream, dest) => { | ||
@@ -73,14 +73,20 @@ stream.pipe(dest); | ||
| }; | ||
| const createCacheStream = (to) => { | ||
| const stream = createWriteStream(to, { encoding: "binary" }); | ||
| const createCacheStream = (to, total) => { | ||
| const tmp = to + ".tmp"; | ||
| const stream = createWriteStream(tmp, { encoding: "binary" }); | ||
| const check = async (error) => { | ||
| try { | ||
| if (error || stream.bytesWritten != total) { | ||
| await unlink(to); | ||
| } else { | ||
| await rename(tmp, to); | ||
| } | ||
| } catch (error2) { | ||
| console.error("createCacheStream:" + error2, { cause: error2 }); | ||
| } | ||
| }; | ||
| stream.once("end", check); | ||
| stream.once("error", check); | ||
| const passThrough = new PassThrough(); | ||
| passThrough.pipe(stream); | ||
| passThrough.once("error", async () => { | ||
| try { | ||
| stream.destroy(); | ||
| await unlink(to); | ||
| } catch (error) { | ||
| console.error(error); | ||
| } | ||
| }); | ||
| return passThrough; | ||
@@ -87,0 +93,0 @@ }; |
+6
-3
@@ -53,6 +53,9 @@ import { access, mkdir } from "fs/promises"; | ||
| if (resp.status >= 400 || resp.body == null) { | ||
| throw new Error(`fetch ${url}: ${resp.status} ${resp.statusText}`); | ||
| throw new Error( | ||
| `fetch error:${url}: ${resp.status} ${resp.statusText}` | ||
| ); | ||
| } | ||
| break; | ||
| } catch (error) { | ||
| console.error(`fetch ${url}:`, error); | ||
| console.error(`fetch error:${url}:`, error); | ||
| } | ||
@@ -67,3 +70,3 @@ } | ||
| if (cache) { | ||
| stream = pipelineDuplex(stream, createCacheStream(cache)); | ||
| stream = pipelineDuplex(stream, createCacheStream(cache, total)); | ||
| } | ||
@@ -70,0 +73,0 @@ if (!option?.quiet) { |
+1
-1
| { | ||
| "name": "apt-cli", | ||
| "type": "module", | ||
| "version": "0.1.14", | ||
| "version": "0.1.15", | ||
| "description": "APT CLI - Used to parse the DEB package dependency tree.", | ||
@@ -6,0 +6,0 @@ "main": "./dist/index.js", |
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 2 instances in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 2 instances in 1 package
Improved metrics
- Total package byte prevSize
50756
0.45%- Lines of code
1370
0.59%No dependency changes