Comparing version 2.1.0 to 2.1.1
History | ||
======= | ||
## 2.1.1 | ||
* Fix bug with archetype discovery when npm-installed and npm v3. #25 | ||
## 2.1.0 | ||
@@ -5,0 +9,0 @@ |
@@ -31,2 +31,7 @@ "use strict"; | ||
// State: Is this a "from NPM" installation on v3+? | ||
// (State is set on `_loadScripts`) | ||
this._isFromNpm = false; | ||
this._isNpmV3 = false; | ||
// Array of [name, scripts array] pairs. | ||
@@ -71,5 +76,26 @@ this.scripts = this._loadScripts(this.archetypes); | ||
/*eslint-disable global-require*/ | ||
var scripts = (require(path.join( | ||
process.cwd(), "node_modules", name, "package.json")) || {}).scripts || {}; | ||
// Scripts can be contained (npm v2) or siblings (npm v3). | ||
// | ||
// If a package is installed from NPM **and** we're using NPM v3, then the | ||
// archetype is a **sibling** not contained in `ROOT/node_modules`. | ||
// | ||
// Accordingly, we use information from loading `ROOT/package.json` to | ||
// heursitically (hackily) determine if these conditions are true. | ||
// | ||
// https://github.com/FormidableLabs/builder/issues/25 | ||
var pkg; | ||
try { | ||
// Contained. | ||
pkg = require(path.join(process.cwd(), "node_modules", name, "package.json")); | ||
} catch (err) { | ||
// NPM-installed **and** v3 is a sibling. | ||
if (this._isFromNpm && this._isNpmV3) { | ||
pkg = require(path.join(process.cwd(), "..", name, "package.json")); | ||
} | ||
} | ||
if (!pkg) { | ||
throw new Error("Unable to find package.json for: " + name); | ||
} | ||
var scripts = (pkg || {}).scripts || {}; | ||
return _(scripts) | ||
@@ -95,4 +121,19 @@ .pairs() | ||
Config.prototype._loadScripts = function (archetypes) { | ||
var CWD_SCRIPTS = (require(path.join(process.cwd(), "package.json")) || {}).scripts || {}; | ||
var CWD_PKG = require(path.join(process.cwd(), "package.json")) || {}; | ||
var CWD_SCRIPTS = CWD_PKG.scripts || {}; | ||
// HACK: Detect if potential sibling with heuristic if "from npm"; | ||
this._isFromNpm = !!CWD_PKG._resolved; | ||
// HACK: Detect if NPM v3 from user agent. | ||
var match = (process.env.npm_config_user_agent || "").match(/npm\/([0-9]+)/); | ||
if (match && match[1]) { | ||
try { | ||
// Version 3 or greater. | ||
this._isNpmV3 = parseInt(match[1], 10) >= 3; | ||
} catch (err) { | ||
// pass through. | ||
} | ||
} | ||
return [["ROOT", CWD_SCRIPTS]].concat(_(archetypes) | ||
@@ -99,0 +140,0 @@ .map(function (name) { |
{ | ||
"name": "builder", | ||
"version": "2.1.0", | ||
"version": "2.1.1", | ||
"description": "An NPM-based task runner", | ||
@@ -5,0 +5,0 @@ "repository": { |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
33643
594
6