cartable - npm Package Compare versions

Comparing version 2.0.3 to 2.0.4

index.js

 const _ = require('lodash/fp');
-const fs = require('fs-extra');
+const Promise = require('bluebird');
+const writeJSONAsync = Promise.promisify(require('fs-extra').writeJSON);
+const path = require('path');
+const logger = require('./libs/logger');
 
-let packages = JSON.parse(require('./cartable.json'));
-const get = pname => {
-  const package = _.find(
+const root = process.env.PWD;
+const cartablePath = path.resolve(root, 'cartable.json');
+let cartable;
+
+try {
+  cartable = JSON.parse(require(cartablePath));
+} catch (e) {
+  cartable = [];
+}
+
+const get = (pname) => {
+  const found = _.find(
     ({ name }) => name === pname
-  )(packages);
+  )(cartable);
+  if (found) {
+    logger.info('Module already required');
+    return found;
+  }
 
-  if(package){
-    console.log('found');
-  }
-  else{
+  try {
     const p = require(pname);
-    packages.push({ name: pname, content: p });
-    return fs.writeJSON('cartable.json', JSON.stringify(packages), (err, success) => {
-      if(err)
-        console.log(err);
-      return p;
-    });
+    cartable.push({ name: pname, content: p });
+    writeJSONAsync(cartablePath, JSON.stringify(cartable)).catch(logger.error);
+    return p;
+  } catch (e) {
+    return logger.error(e.message);
   }
+};
 
-}
-
 module.exports = {
   get
-}
+};

package.json

 {
   "name": "cartable",
-  "version": "2.0.3",
+  "version": "2.0.4",
   "description": "",
@@ -20,4 +20,14 @@ "main": "index.js",
   "dependencies": {
+    "bluebird": "^3.5.0",
+    "fs-extra": "^2.1.2",
     "lodash": "^4.17.4"
+  },
+  "devDependencies": {
+    "eslint": "^3.18.0",
+    "eslint-config-airbnb": "^14.1.0",
+    "eslint-config-airbnb-base": "^11.1.1",
+    "eslint-plugin-import": "^2.2.0",
+    "eslint-plugin-jsx-a11y": "^4.0.0",
+    "eslint-plugin-react": "^6.10.3"
   }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

3100

increased by87.54%

Number of package files

6

increased by50%

Lines of code

66

increased by164%

Worsened metrics

Dependency count

3

increased by200%

Dev dependency count

6

increased byInfinity%

Number of low supply chain risk alerts

4

increased by100%

Dependency changes

• + Addedbluebird@^3.5.0

• + Addedfs-extra@^2.1.2

• + Addedbluebird@3.7.2(transitive)

• + Addedfs-extra@2.1.2(transitive)

• + Addedgraceful-fs@4.2.11(transitive)

• + Addedjsonfile@2.4.0(transitive)