builder - npm Package Compare versions

Comparing version 2.1.0 to 2.1.1

HISTORY.md

 History
 =======
 
+## 2.1.1
+
+* Fix bug with archetype discovery when npm-installed and npm v3. #25
+
 ## 2.1.0
@@ -5,0 +9,0 @@

lib/config.js

@@ -31,2 +31,7 @@ "use strict";
 
+  // State: Is this a "from NPM" installation on v3+?
+  // (State is set on `_loadScripts`)
+  this._isFromNpm = false;
+  this._isNpmV3 = false;
+
   // Array of [name, scripts array] pairs.
@@ -71,5 +76,26 @@ this.scripts = this._loadScripts(this.archetypes);
   /*eslint-disable global-require*/
-  var scripts = (require(path.join(
-    process.cwd(), "node_modules", name, "package.json")) || {}).scripts || {};
+  // Scripts can be contained (npm v2) or siblings (npm v3).
+  //
+  // If a package is installed from NPM **and** we're using NPM v3, then the
+  // archetype is a **sibling** not contained in `ROOT/node_modules`.
+  //
+  // Accordingly, we use information from loading `ROOT/package.json` to
+  // heursitically (hackily) determine if these conditions are true.
+  //
+  // https://github.com/FormidableLabs/builder/issues/25
+  var pkg;
+  try {
+    // Contained.
+    pkg = require(path.join(process.cwd(), "node_modules", name, "package.json"));
+  } catch (err) {
+    // NPM-installed **and** v3 is a sibling.
+    if (this._isFromNpm && this._isNpmV3) {
+      pkg = require(path.join(process.cwd(), "..", name, "package.json"));
+    }
+  }
+  if (!pkg) {
+    throw new Error("Unable to find package.json for: " + name);
+  }
 
+  var scripts = (pkg || {}).scripts || {};
   return _(scripts)
@@ -95,4 +121,19 @@ .pairs()
 Config.prototype._loadScripts = function (archetypes) {
-  var CWD_SCRIPTS = (require(path.join(process.cwd(), "package.json")) || {}).scripts || {};
+  var CWD_PKG = require(path.join(process.cwd(), "package.json")) || {};
+  var CWD_SCRIPTS = CWD_PKG.scripts || {};
 
+  // HACK: Detect if potential sibling with heuristic if "from npm";
+  this._isFromNpm = !!CWD_PKG._resolved;
+
+  // HACK: Detect if NPM v3 from user agent.
+  var match = (process.env.npm_config_user_agent || "").match(/npm\/([0-9]+)/);
+  if (match && match[1]) {
+    try {
+      // Version 3 or greater.
+      this._isNpmV3 = parseInt(match[1], 10) >= 3;
+    } catch (err) {
+      // pass through.
+    }
+  }
+
   return [["ROOT", CWD_SCRIPTS]].concat(_(archetypes)
@@ -99,0 +140,0 @@ .map(function (name) {

package.json

 {
   "name": "builder",
-  "version": "2.1.0",
+  "version": "2.1.1",
   "description": "An NPM-based task runner",
@@ -5,0 +5,0 @@ "repository": {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

33643

increased by4.35%

Lines of code

594

increased by6.83%

Worsened metrics

Number of low supply chain risk alerts

6

increased by50%

No dependency changes