Comparing version 1.0.2 to 1.1.0
209
index.js
@@ -0,150 +1,87 @@ | ||
var staticModule = require('static-module'); | ||
var quote = require('quote-stream'); | ||
var through = require('through2'); | ||
var fs = require('fs'); | ||
var path = require('path'); | ||
var through = require('through'); | ||
var falafel = require('falafel'); | ||
var unparse = require('escodegen').generate; | ||
module.exports = function (file) { | ||
module.exports = function (file, opts) { | ||
if (/\.json$/.test(file)) return through(); | ||
var data = ''; | ||
var fsNames = {}; | ||
var vars = [ '__filename', '__dirname' ]; | ||
var dirname = path.dirname(file); | ||
var pending = 0; | ||
var vars = { | ||
__filename: file, | ||
__dirname: path.dirname(file) | ||
}; | ||
if (!opts) opts = {}; | ||
if (opts.vars) Object.keys(opts.vars).forEach(function (key) { | ||
vars[key] = opts.vars[key]; | ||
}); | ||
var tr = through(write, end); | ||
return tr; | ||
function containsUndefinedVariable (node) { | ||
if (node.type === 'Identifier') { | ||
if (vars.indexOf(node.name) === -1) { | ||
return true; | ||
} | ||
var sm = staticModule( | ||
{ fs: { readFileSync: readFileSync, readFile: readFile } }, | ||
{ vars: vars } | ||
); | ||
return sm; | ||
function readFile (file, enc, cb) { | ||
if (typeof enc === 'function') { | ||
cb = enc; | ||
enc = null; | ||
} | ||
else if (node.type === 'BinaryExpression') { | ||
return containsUndefinedVariable(node.left) | ||
|| containsUndefinedVariable(node.right) | ||
; | ||
if (enc && typeof enc === 'object' && enc.encoding) { | ||
enc = enc.encoding; | ||
} | ||
else { | ||
return false; | ||
var isBuffer = false; | ||
if (enc === null || enc === undefined) { | ||
isBuffer = true; | ||
enc = 'base64'; | ||
} | ||
}; | ||
function write (buf) { data += buf } | ||
function end () { | ||
try { var output = parse() } | ||
catch (err) { | ||
this.emit('error', new Error( | ||
err.toString().replace('Error: ', '') + ' (' + file + ')') | ||
); | ||
var stream = through(write, end); | ||
stream.push('process.nextTick(function(){(' + cb + ')(null,'); | ||
if (isBuffer) stream.push('Buffer('); | ||
var s = fs.createReadStream(file, { encoding: enc }); | ||
s.on('error', function (err) { sm.emit('error', err) }); | ||
return s.pipe(quote()).pipe(stream); | ||
function write (buf, enc, next) { | ||
this.push(buf); | ||
next(); | ||
} | ||
if (pending === 0) finish(output); | ||
function end (next) { | ||
if (isBuffer) this.push(',"base64")'); | ||
this.push(')})'); | ||
this.push(null); | ||
sm.emit('file', file); | ||
next() | ||
} | ||
} | ||
function finish (output) { | ||
tr.queue(String(output)); | ||
tr.queue(null); | ||
} | ||
function parse () { | ||
var output = falafel(data, function (node) { | ||
if (isRequire(node) && node.arguments[0].value === 'fs' | ||
&& node.parent.type === 'VariableDeclarator' | ||
&& node.parent.id.type === 'Identifier') { | ||
fsNames[node.parent.id.name] = true; | ||
} | ||
if (isRequire(node) && node.arguments[0].value === 'fs' | ||
&& node.parent.type === 'AssignmentExpression' | ||
&& node.parent.left.type === 'Identifier') { | ||
fsNames[node.parent.left.name] = true; | ||
} | ||
if (node.type !== 'CallExpression' || !isFs(node.callee)) return; | ||
var type; | ||
if (isRFS(node.callee.property)) type = 'sync'; | ||
else if (isRF(node.callee.property)) type = 'async'; | ||
if (!type) return; | ||
var args = node.arguments; | ||
var canBeInlined = !containsUndefinedVariable(args[0]); | ||
if (!canBeInlined) return; | ||
var t = 'return ' + unparse(args[0]); | ||
var fpath = Function(vars, t)(file, dirname); | ||
var enc = null; | ||
if (args[1] && !/^Function/.test(args[1].type)) { | ||
enc = Function('return ' + unparse(args[1]))() | ||
} | ||
++ pending; | ||
if (enc && typeof enc === 'object' && enc.encoding) { | ||
enc = enc.encoding; | ||
} | ||
var isBuffer = false; | ||
if (enc === null || enc === undefined) { | ||
isBuffer = true; | ||
enc = 'base64'; | ||
} | ||
fs.readFile(fpath, enc, function (err, src) { | ||
if (err) return tr.emit('error', errorWithFile(file, err)); | ||
var code = isBuffer | ||
? 'Buffer(' + JSON.stringify(src) + ',"base64")' | ||
: JSON.stringify(src) | ||
; | ||
if (type === 'sync') { | ||
node.update(code); | ||
} | ||
else if (type === 'async') { | ||
var cb = args[2] || args[1]; | ||
if (!cb) return; | ||
node.update( | ||
'process.nextTick(function () {' | ||
+ '(' + cb.source() + ')' | ||
+ '(null,' + code + ')' | ||
+ '})' | ||
); | ||
} | ||
tr.emit('file', fpath); | ||
if (--pending === 0) finish(output); | ||
}); | ||
}); | ||
return output; | ||
} | ||
function isFs (p) { | ||
if (!p) return false; | ||
if (p.type !== 'MemberExpression') return false; | ||
return (p.object.type === 'Identifier' && fsNames[p.object.name]) | ||
|| isRequire(p.object) | ||
function readFileSync (file, enc) { | ||
var isBuffer = false; | ||
if (enc === null || enc === undefined) { | ||
isBuffer = true; | ||
enc = 'base64'; | ||
} | ||
if (enc && typeof enc === 'object' && enc.encoding) { | ||
enc = enc.encoding; | ||
} | ||
var stream = fs.createReadStream(file, { encoding: enc }) | ||
.pipe(quote()).pipe(through(write, end)) | ||
; | ||
if (isBuffer) { | ||
stream.push('Buffer('); | ||
} | ||
return stream; | ||
function write (buf, enc, next) { | ||
this.push(buf); | ||
next(); | ||
} | ||
function end (next) { | ||
if (isBuffer) this.push(',"base64")'); | ||
this.push(null); | ||
sm.emit('file', file); | ||
next(); | ||
} | ||
} | ||
}; | ||
function isRFS (node) { | ||
return node.type === 'Identifier' && node.name === 'readFileSync'; | ||
} | ||
function isRF (node) { | ||
return node.type === 'Identifier' && node.name === 'readFile'; | ||
} | ||
function isRequire (node) { | ||
var c = node.callee; | ||
return c | ||
&& node.type === 'CallExpression' | ||
&& c.type === 'Identifier' | ||
&& c.name === 'require' | ||
; | ||
} | ||
function errorWithFile (file, err) { | ||
var e = new Error(err.message + '\n while running brfs on ' + file); | ||
e.file = file; | ||
return e; | ||
} |
{ | ||
"name": "brfs", | ||
"version": "1.0.2", | ||
"description": "browserify fs.readFileSync() static asset inliner", | ||
"main": "index.js", | ||
"bin": "bin/cmd.js", | ||
"dependencies": { | ||
"through": "~2.2.0", | ||
"falafel": "~0.1.6", | ||
"escodegen": "0.0.17" | ||
}, | ||
"devDependencies": { | ||
"tap": "~0.4.0", | ||
"browserify": "~3.25.2", | ||
"concat-stream": "~1.0.0" | ||
}, | ||
"scripts": { | ||
"test": "tap test/*.js" | ||
}, | ||
"repository": { | ||
"type": "git", | ||
"url": "git://github.com/substack/brfs.git" | ||
}, | ||
"homepage": "https://github.com/substack/brfs", | ||
"keywords": [ | ||
"browserify", | ||
"browserify-transform", | ||
"fs", | ||
"readFileSync", | ||
"plugin", | ||
"static", | ||
"asset", | ||
"bundle", | ||
"base64" | ||
], | ||
"author": { | ||
"name": "James Halliday", | ||
"email": "mail@substack.net", | ||
"url": "http://substack.net" | ||
}, | ||
"license": "MIT" | ||
"name": "brfs", | ||
"version": "1.1.0", | ||
"description": "browserify fs.readFileSync() static asset inliner", | ||
"main": "index.js", | ||
"bin": "bin/cmd.js", | ||
"dependencies": { | ||
"quote-stream": "^0.0.0", | ||
"static-module": "^0.0.2", | ||
"through2": "^0.4.1" | ||
}, | ||
"devDependencies": { | ||
"browserify": "^3.44.1", | ||
"concat-stream": "^1.4.5", | ||
"tap": "^0.4.8", | ||
"through": "^2.3.4" | ||
}, | ||
"scripts": { | ||
"test": "tap test/*.js" | ||
}, | ||
"repository": { | ||
"type": "git", | ||
"url": "git://github.com/substack/brfs.git" | ||
}, | ||
"homepage": "https://github.com/substack/brfs", | ||
"keywords": [ | ||
"browserify", | ||
"browserify-transform", | ||
"fs", | ||
"readFileSync", | ||
"plugin", | ||
"static", | ||
"asset", | ||
"bundle", | ||
"base64" | ||
], | ||
"author": { | ||
"name": "James Halliday", | ||
"email": "mail@substack.net", | ||
"url": "http://substack.net" | ||
}, | ||
"license": "MIT" | ||
} |
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
159
1
18698
4
427
+ Addedquote-stream@^0.0.0
+ Addedstatic-module@^0.0.2
+ Addedthrough2@^0.4.1
+ Addedbuffer-from@1.1.2(transitive)
+ Addedconcat-stream@1.6.2(transitive)
+ Addedcore-util-is@1.0.3(transitive)
+ Addeddeep-is@0.1.4(transitive)
+ Addedduplexer2@0.0.1(transitive)
+ Addedescodegen@0.0.281.14.3(transitive)
+ Addedesprima@4.0.1(transitive)
+ Addedestraverse@1.3.24.3.0(transitive)
+ Addedesutils@2.0.3(transitive)
+ Addedfalafel@0.3.1(transitive)
+ Addedfast-levenshtein@2.0.6(transitive)
+ Addedinherits@2.0.4(transitive)
+ Addedisarray@0.0.11.0.0(transitive)
+ Addedlevn@0.3.0(transitive)
+ Addedminimist@0.0.8(transitive)
+ Addedobject-inspect@0.4.0(transitive)
+ Addedobject-keys@0.4.0(transitive)
+ Addedoptionator@0.8.3(transitive)
+ Addedprelude-ls@1.1.2(transitive)
+ Addedprocess-nextick-args@2.0.1(transitive)
+ Addedquote-stream@0.0.0(transitive)
+ Addedreadable-stream@1.0.341.1.142.3.8(transitive)
+ Addedsafe-buffer@5.1.2(transitive)
+ Addedshallow-copy@0.0.1(transitive)
+ Addedsource-map@0.6.1(transitive)
+ Addedstatic-eval@0.2.4(transitive)
+ Addedstatic-module@0.0.2(transitive)
+ Addedstring_decoder@0.10.311.1.1(transitive)
+ Addedthrough2@0.4.2(transitive)
+ Addedtype-check@0.3.2(transitive)
+ Addedtypedarray@0.0.6(transitive)
+ Addedutil-deprecate@1.0.2(transitive)
+ Addedword-wrap@1.2.5(transitive)
+ Addedxtend@2.1.2(transitive)
- Removedescodegen@0.0.17
- Removedfalafel@~0.1.6
- Removedthrough@~2.2.0
- Removedescodegen@0.0.17(transitive)
- Removedestraverse@0.0.4(transitive)
- Removedfalafel@0.1.6(transitive)
- Removedsource-map@0.7.4(transitive)
- Removedthrough@2.2.7(transitive)