azure-functions-core-tools - npm Package Compare versions

Comparing version 1.0.12 to 1.0.14

lib/install.js

 #! /usr/bin/env node
 
 var unzipper = require('unzipper');
+var url = require('url');
+var HttpsProxyAgent = require('https-proxy-agent');
 var https = require('https');
@@ -10,4 +12,21 @@ var version = require('../package.json').version;
 
-var url = 'https://functionscdn.azureedge.net/public/' + version + '/Azure.Functions.Cli.zip';
-https.get(url, function (response) {
+var endpoint = 'https://functionscdn.azureedge.net/public/' + version + '/Azure.Functions.Cli.zip';
+console.log('attempting to GET %j', endpoint);
+var options = url.parse(endpoint);
+// npm config preceed system environment
+// https://github.com/npm/npm/blob/19397ad523434656af3d3765e80e22d7e6305f48/lib/config/reg-client.js#L7-L8
+// https://github.com/request/request/blob/b12a6245d9acdb1e13c6486d427801e123fdafae/lib/getProxyFromURI.js#L66-L71
+var proxy = process.env.npm_config_https_proxy || 
+            process.env.npm_config_proxy ||
+            process.env.HTTPS_PROXY ||
+            process.env.https_proxy ||
+            process.env.HTTP_PROXY ||
+            process.env.http_proxy;
+
+if (proxy) {
+    console.log('using proxy server %j', proxy);
+    options.agent = new HttpsProxyAgent(proxy);
+}
+
+https.get(options, function (response) {
         if (response.statusCode === 200) {
@@ -20,3 +39,3 @@ var bin = path.join(path.dirname(fs.realpathSync(__filename)), '../bin');
         } else {
-            console.error(chalk.red('Error downloading zip file from ' + url));
+            console.error(chalk.red('Error downloading zip file from ' + endpoint));
             console.error(chalk.red('Expected: 200, Actual: ' + response.statusCode));
@@ -23,0 +42,0 @@ process.exit(1);

package.json

 {
     "name": "azure-functions-core-tools",
-    "version": "1.0.12",
+    "version": "1.0.14",
     "description": "Azure Functions Core Tools",
@@ -26,2 +26,3 @@ "scripts": {
         "command-exists": "^1.2.2",
+        "https-proxy-agent": "^2.2.1",
         "tmp": "^0.0.33",
@@ -28,0 +29,0 @@ "unzipper": "^0.8.9"

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 6 instances in 1 package

Fixed alerts

No README

Quality

Package does not have a README. This may indicate a failed publish or a low quality package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

17655

increased by59.73%

Number of package files

5

increased by25%

Lines of code

61

increased by38.64%

Number of medium quality alerts

0

decreased by-100%

Number of lines in readme file

161

increased byInfinity%

Worsened metrics

Dependency count

5

increased by25%

Number of low supply chain risk alerts

8

increased by300%

Number of medium supply chain risk alerts

4

increased by33.33%

Dependency changes

• + Addedhttps-proxy-agent@^2.2.1

• + Addedagent-base@4.3.0(transitive)

• + Addeddebug@3.2.7(transitive)

• + Addedes6-promise@4.2.8(transitive)

• + Addedes6-promisify@5.0.0(transitive)

• + Addedhttps-proxy-agent@2.2.4(transitive)

• + Addedms@2.1.3(transitive)