browser-module-sandbox - npm Package Compare versions

Comparing version 1.3.10 to 1.4.0

index.js

@@ -22,4 +22,4 @@ var inherits = require('inherits')
   this.iframeStyle = "<style type='text/css'>" + 
-    "html, body { margin: 0; padding: 0; border: 0; }\n" + 
-    opts.iframeStyle + 
+    "html, body { margin: 0; padding: 0; border: 0; }\n" +
+    opts.iframeStyle +
     "</style>"
@@ -52,2 +52,4 @@ this.cache = createCache(opts.cacheOpts)
     modules.forEach(function(module) {
+      module = module + '@' + (preferredVersions[module] || 'latest')
+
       if (cached[module]) {
@@ -74,4 +76,6 @@ allBundles += cached[module]['bundle']
     download.map(function(module) {
-      var version = preferredVersions[module] || 'latest'
-      body.dependencies[module] = version
+      var tokens = module.split('@')
+      var name = tokens[0]
+      var version = tokens[1]
+      body.dependencies[name] = version
     })
@@ -93,3 +97,21 @@
 
-    Object.keys(json).map(function(module) {
+    // fix json properties to also hold the package version
+    // e.g.
+    // "foo": {
+    //  "package": {
+    //    "version": "1.0.0"
+    //  }
+    // }
+    // to:
+    // "foo@1.0.0": { ... }
+    //
+    // NOTE: "foo@latest" is never cached because browserify-cdn
+    // always returns a valid semver :)
+    Object.keys(json).forEach(function (module) {
+      var existing = json[module]
+      json[module + '@' + existing.package.version] = json[module]
+      delete json[module]
+    })
+
+    Object.keys(json).forEach(function(module) {
       allBundles += json[module]['bundle']
@@ -96,0 +118,0 @@ packages.push(json[module]['package'])

package.json

 {
   "name": "browser-module-sandbox",
-  "version": "1.3.10",
+  "version": "1.4.0",
   "description": "uses browserify-cdn to run node code in an iframe",
@@ -5,0 +5,0 @@ "repository": {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

29920

increased by33.1%

Lines of code

116

increased by20.83%

Number of medium supply chain risk alerts

0

decreased by-100%

No dependency changes