better-sqlite3 - npm Package Compare versions

Comparing version 7.4.6 to 7.5.0

deps/symlink.js

@@ -6,12 +6,15 @@ 'use strict';
 const dest = process.argv[2];
-const source = path.resolve(path.sep, process.argv[3]);
+const source = path.resolve(path.sep, process.argv[3] || path.join(__dirname, 'sqlite3'));
+const filenames = process.argv.slice(4).map(str => path.basename(str));
 
 /*
-	This creates symlinks inside the <$2> directory, linking to the SQLite3
-	amalgamation files inside the directory specified by the absolute path <$3>.
+	This creates symlinks inside the <$2> directory, linking to files inside the
+	directory specified by the absolute path <$3>. If no path <$3> is provided,
+	the default path of "./deps/sqlite3" is used. The basenames of the files to
+	link are specified by <$4...>.
  */
 
-for (const filename of ['sqlite3.c', 'sqlite3.h']) {
+for (const filename of filenames) {
 	fs.accessSync(path.join(source, filename));
 	fs.symlinkSync(path.join(source, filename), path.join(dest, filename), 'file');
 }

lib/database.js

@@ -5,7 +5,5 @@ 'use strict';
 const util = require('./util');
+const SqliteError = require('./sqlite-error');
 
-const {
-	Database: CPPDatabase,
-	setErrorConstructor,
-} = require('bindings')('better_sqlite3.node');
+let DEFAULT_ADDON;
 
@@ -39,2 +37,3 @@ function Database(filenameGiven, options) {
 	const verbose = 'verbose' in options ? options.verbose : null;
+	const nativeBindingPath = 'nativeBinding' in options ? options.nativeBinding : null;
 
@@ -46,3 +45,16 @@ // Validate interpreted options
 	if (verbose != null && typeof verbose !== 'function') throw new TypeError('Expected the "verbose" option to be a function');
+	if (nativeBindingPath != null && typeof nativeBindingPath !== 'string') throw new TypeError('Expected the "nativeBinding" option to be a string');
 
+	// Load the native addon
+	let addon;
+	if (nativeBindingPath == null) {
+		addon = DEFAULT_ADDON || (DEFAULT_ADDON = require('bindings')('better_sqlite3.node'));
+	} else {
+		addon = require(path.resolve(nativeBindingPath).replace(/(\.node)?$/, '.node'));
+	}
+	if (!addon.isInitialized) {
+		addon.setErrorConstructor(SqliteError);
+		addon.isInitialized = true;
+	}
+
 	// Make sure the specified directory exists
@@ -54,3 +66,3 @@ if (!anonymous && !fs.existsSync(path.dirname(filename))) {
 	Object.defineProperties(this, {
-		[util.cppdb]: { value: new CPPDatabase(filename, filenameGiven, anonymous, readonly, fileMustExist, timeout, verbose || null, buffer || null) },
+		[util.cppdb]: { value: new addon.Database(filename, filenameGiven, anonymous, readonly, fileMustExist, timeout, verbose || null, buffer || null) },
 		...wrappers.getters,
@@ -77,2 +89,1 @@ });
 module.exports = Database;
-setErrorConstructor(require('./sqlite-error'));

lib/sqlite-error.js

@@ -15,4 +15,3 @@ 'use strict';
 	Error.captureStackTrace(this, SqliteError);
-	descriptor.value = code;
-	Object.defineProperty(this, 'code', descriptor);
+	this.code = code;
 }
@@ -19,0 +18,0 @@ Object.setPrototypeOf(SqliteError, Error);

package.json

 {
   "name": "better-sqlite3",
-  "version": "7.4.6",
+  "version": "7.5.0",
   "description": "The fastest and simplest library for SQLite3 in Node.js.",
   "homepage": "http://github.com/JoshuaWise/better-sqlite3",
   "author": "Joshua Wise <joshuathomaswise@gmail.com>",
-  "main": "lib/index.js",
   "repository": {
@@ -12,6 +11,12 @@ "type": "git",
   },
+  "main": "lib/index.js",
+  "files": [
+    "binding.gyp",
+    "src/*.[ch]pp",
+    "lib/**",
+    "deps/**"
+  ],
   "dependencies": {
     "bindings": "^1.5.0",
-    "prebuild-install": "^7.0.0",
-    "tar": "^6.1.11"
+    "prebuild-install": "^7.0.0"
   },
@@ -18,0 +23,0 @@ "devDependencies": {

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Fixed alerts

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

9234602

increased by220.46%

Dependency count

2

decreased by-33.33%

Number of low supply chain risk alerts

4

decreased by-73.33%

Number of medium supply chain risk alerts

2

decreased by-33.33%

Worsened metrics

Number of package files

28

decreased by-69.89%

Lines of code

556

decreased by-88.85%

Dependency changes

• - Removedtar@^6.1.11

• - Removedchownr@2.0.0(transitive)

• - Removedfs-minipass@2.1.0(transitive)

• - Removedminipass@3.3.65.0.0(transitive)

• - Removedminizlib@2.1.2(transitive)

• - Removedmkdirp@1.0.4(transitive)

• - Removedtar@6.2.1(transitive)

• - Removedyallist@4.0.0(transitive)