bithound - npm Package Compare versions
| var async = require('async'); | ||
| var program = require('commander'); | ||
| var request = require('request'); | ||
| var git = require('git-rev-sync'); | ||
@@ -25,3 +26,3 @@ function parse (url) { | ||
| if (process.env.TRAVIS) { | ||
| branch = process.env.TRAVIS_BRANCH; | ||
| branch = (process.env.TRAVIS_PULL_REQUEST === 'false' ? process.env.TRAVIS_BRANCH : git.branch(process.env.TRAVIS_BUILD_DIR)); | ||
| sha = process.env.TRAVIS_COMMIT; | ||
@@ -28,0 +29,0 @@ } else if (process.env.JENKINS_URL) { |
+5
-4
| { | ||
| "name": "bithound", | ||
| "version": "1.4.0", | ||
| "version": "1.5.0", | ||
| "description": "Commands for interacting with bitHound: https://bithound.io", | ||
@@ -19,5 +19,6 @@ "repository": { | ||
| "dependencies": { | ||
| "async": "^1.5.2", | ||
| "async": "^2.0.0", | ||
| "commander": "^2.8.1", | ||
| "git-origin-url": "^0.3.0", | ||
| "git-rev-sync": "^1.6.0", | ||
| "open": "0.0.5", | ||
@@ -28,4 +29,4 @@ "request": "^2.67.0" | ||
| "express": "^4.13.3", | ||
| "semistandard": "^7.0.5", | ||
| "tap": "^5.2.0" | ||
| "semistandard": "^8.0.0", | ||
| "tap": "^6.1.1" | ||
| }, | ||
@@ -32,0 +33,0 @@ "preferGlobal": false, |
@@ -12,2 +12,9 @@ var tap = require('tap'); | ||
| function notFoundCommitOrRepo (err, t, server, stderr) { | ||
| tap.equal(stderr, 'Repo or commit not found.'); | ||
| tap.equal(err.code, 1); | ||
| server.close(); | ||
| t.end(); | ||
| } | ||
| tap.test('A repo must exists', function (t) { | ||
@@ -18,6 +25,3 @@ server.listen(port, function () { | ||
| exec('node bithound check git@github.com/provider/owner/repo.git --sha sha', { env: env }, function (err, stdout, stderr) { | ||
| tap.equal(stderr, 'Branch could not be determined.'); | ||
| tap.equal(err.code, 1); | ||
| server.close(); | ||
| t.end(); | ||
| notFoundCommitOrRepo(err, t, server, stderr); | ||
| }); | ||
@@ -32,6 +36,3 @@ }); | ||
| exec('node bithound check git@github.com/provider/owner/repo.git --sha sha --branch branch', { env: env }, function (err, stdout, stderr) { | ||
| tap.equal(stderr, 'Repo or commit not found.'); | ||
| tap.equal(err.code, 1); | ||
| server.close(); | ||
| t.end(); | ||
| notFoundCommitOrRepo(err, t, server, stderr); | ||
| }); | ||
@@ -38,0 +39,0 @@ }); |
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 25 instances in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 23 instances in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
18481
0.97%- Lines of code
325
0.31%Worsened metrics
- Dependency count
6
20%- Number of low supply chain risk alerts
29
7.41%Dependency changes
+ Added
git-rev-sync@^1.6.0+ Added
async@2.6.4(transitive)+ Added
balanced-match@1.0.2(transitive)+ Added
brace-expansion@1.1.14(transitive)+ Added
concat-map@0.0.1(transitive)+ Added
es-errors@1.3.0(transitive)+ Added
escape-string-regexp@1.0.5(transitive)+ Added
fs.realpath@1.0.0(transitive)+ Added
function-bind@1.1.2(transitive)+ Added
git-rev-sync@1.12.0(transitive)+ Added
glob@7.2.3(transitive)+ Added
graceful-fs@4.1.11(transitive)+ Added
hasown@2.0.3(transitive)+ Added
inflight@1.0.6(transitive)+ Added
inherits@2.0.4(transitive)+ Added
interpret@1.4.0(transitive)+ Added
is-core-module@2.16.1(transitive)+ Added
lodash@4.18.1(transitive)+ Added
minimatch@3.1.5(transitive)+ Added
once@1.4.0(transitive)+ Added
path-is-absolute@1.0.1(transitive)+ Added
path-parse@1.0.7(transitive)+ Added
rechoir@0.6.2(transitive)+ Added
resolve@1.22.12(transitive)+ Added
shelljs@0.7.7(transitive)+ Added
supports-preserve-symlinks-flag@1.0.0(transitive)+ Added
wrappy@1.0.2(transitive)- Removed
async@1.5.2(transitive)Updated
async@^2.0.0