build-strap
Advanced tools
build-strap - npm Package Compare versions
+1
-1
| { | ||
| "name": "build-strap", | ||
| "version": "5.0.6", | ||
| "version": "5.0.7-dev.116", | ||
| "description": "Node scripts for building things", | ||
@@ -5,0 +5,0 @@ "license": "MIT", |
+4
-1
@@ -69,3 +69,6 @@ import fs from 'fs-extra'; | ||
| try { | ||
| return (await spawn(shell, ['-c', `${refreshEnv ? `source ${envFile} && ` : ''}printenv ${name}`], { | ||
| return (await spawn(shell, [ | ||
| '-c', | ||
| `${refreshEnv ? `source ${envFile} > /dev/null 2>&1 && ` : ''}printenv ${name}`, | ||
| ], { | ||
| captureOutput: true, | ||
@@ -72,0 +75,0 @@ env: { |
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 8 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 8 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
148985
0.04%- Lines of code
3504
0.09%Worsened metrics
- Number of low quality alerts
2
100%