builder - npm Package Compare versions

Comparing version 2.1.2 to 2.1.3

HISTORY.md

 History
 =======
 
+## 2.1.3
+
+* Just use `require()` for archetype package.json loading. #32
+
 ## 2.1.2
@@ -5,0 +9,0 @@

lib/config.js

@@ -36,6 +36,2 @@ "use strict";
 
-  // State: Information about the installation environment.
-  // (State is set on `_loadScripts`)
-  this._isFromNpm = false;
-
   // Array of [name, scripts array] pairs.
@@ -73,62 +69,19 @@ this.scripts = this._loadScripts(this.archetypes);
 /**
- * Load a single archetype's package.json.
+ * Archetype scripts.
  *
  * @param   {String} name   Archetype name
- * @returns {Object}        Package.json object
+ * @returns {Object}        Package.json scripts object
  */
-Config.prototype._loadArchetypePackage = function (name) {
+Config.prototype._loadArchetypeScripts = function (name) {
   /*eslint-disable global-require*/
-  var pkgPath;
-
-  // Scripts can be contained (npm v2) or siblings (npm v3).
-  //
-  // If a package is installed from NPM **and** we're using NPM v3, then the
-  // archetype is a **sibling** not contained in `ROOT/node_modules`.
-  //
-  // Accordingly, we use information from loading `ROOT/package.json` to
-  // heursitically (hackily) determine if these conditions are true.
-  //
-  // https://github.com/FormidableLabs/builder/issues/25
+  var pkg;
   try {
-    // Contained in the "usual place"
-    pkgPath = path.join(process.cwd(), "node_modules", name, "package.json");
-    return require(pkgPath);
+    pkg = require(name + "/package.json");
   } catch (err) {
-    /*eslint-disable no-empty*/
+    log.error("config:load-archetype-scripts",
+      "Error loading package.json for: " + chalk.gray(name) + " " +
+      (err.message || err.toString()));
+    throw err;
   }
 
-  if (this._isFromNpm) {
-    try {
-      // NPM-installed (sometimes on v2, always on v3)
-      pkgPath = path.join(process.cwd(), "..", name, "package.json");
-      return require(pkgPath);
-    } catch (err) {
-      /*eslint-disable no-empty*/
-    }
-  }
-
-  try {
-    // Require resolve it
-    var modPath = require.resolve(name);
-    pkgPath = path.join(modPath, "package.json");
-    return require(pkgPath);
-  } catch (err) {
-    /*eslint-disable no-empty*/
-  }
-
-  return undefined;
-};
-
-/**
- * Archetype scripts.
- *
- * @param   {String} name   Archetype name
- * @returns {Object}        Package.json scripts object
- */
-Config.prototype._loadArchetypeScripts = function (name) {
-  var pkg = this._loadArchetypePackage(name);
-  if (!pkg) {
-    throw new Error("Unable to find package.json for: " + name);
-  }
-
   var scripts = (pkg || {}).scripts || {};
@@ -158,5 +111,2 @@ return _(scripts)
 
-  // HACK: Detect if potential sibling with heuristic if "from npm";
-  this._isFromNpm = !!CWD_PKG._resolved;
-
   return [["ROOT", CWD_SCRIPTS]].concat(_(archetypes)
@@ -163,0 +113,0 @@ .map(function (name) {

package.json

 {
   "name": "builder",
-  "version": "2.1.2",
+  "version": "2.1.3",
   "description": "An NPM-based task runner",
@@ -5,0 +5,0 @@ "repository": {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Improved metrics

Number of low supply chain risk alerts

4

decreased by-42.86%

Worsened metrics

Total package byte prevSize

32786

decreased by-4.03%

Lines of code

569

decreased by-7.03%

No dependency changes