cf-deployment-tracker-client - npm Package Compare versions

Comparing version 0.0.3 to 0.0.5

package.json

 {
   "name": "cf-deployment-tracker-client",
-  "version": "0.0.3",
+  "version": "0.0.5",
   "private": false,
@@ -5,0 +5,0 @@ "main": "tracker.js",

README.md

@@ -1,1 +0,29 @@
-# cf-deployment-tracker-client-node
+# Overview
+
+This is an npm module that can track and report details of a demo/tutorial that has been deployed to Cloud Foundry
+
+# To Use
+
+1. Add cf-deployment-tracker-client as a dependency to your `package.json`.
+2. Require the package in your main entry point to your app (probably app.js).  `require("cf-deployment-tracker-client").track();`
+
+# Example app
+
+To see how to include this into your app please visit [Bluemix Hello World]()https://github.com/IBM-Bluemix/bluemix-hello-node.  You will want to pay attention to [package.json](https://github.com/IBM-Bluemix/bluemix-hello-node/blob/master/package.json#L9), and [server.js](https://github.com/IBM-Bluemix/bluemix-hello-node/blob/master/server.js#L15).
+
+# Privacy Notice
+
+Sample web applications that include this package may be configured to track deployments to [IBM Bluemix](https://www.bluemix.net/) and other Cloud Foundry platforms. The following information is sent to a [Deployment Tracker](https://github.com/IBM-Bluemix/cf-deployment-tracker-service) service on each deployment:
+
+* Node.js package version
+* Node.js repository URL
+* Application Name (`application_name`)
+* Space ID (`space_id`)
+* Application Version (`application_version`)
+* Application URIs (`application_uris`)
+
+This data is collected from the `package.json` file in the sample application and the `VCAP_APPLICATION` environment variable in IBM Bluemix and other Cloud Foundry platforms. This data is used by IBM to track metrics around deployments of sample applications to IBM Bluemix to measure the usefulness of our examples, so that we can continuously improve the content we offer to you. Only deployments of sample applications that include code to ping the Deployment Tracker service will be tracked.
+
+## Disabling Deployment Tracking
+
+Please see the README for the sample application that includes this package for instructions on disabling deployment tracking, as the instructions may vary based on the sample application in which this package is included.

tracker.js

@@ -5,6 +5,18 @@ // Licensed under the Apache 2.0 License. See footer for details.
     restler = require("restler"),
-    path = require("path");
+    path = require("path"),
+    fs = require("fs");
 
+function getPackageJson() {
+    try {
+        fs.statSync(path.join(path.dirname(module.parent.filename), "package.json"));
+        return path.join(path.dirname(module.parent.filename), "package.json");
+    }
+    catch (error) {
+        return path.join(path.dirname(module.parent.filename), "../package.json");
+    }
+}
+
 function track() {
-    var pkg = require(path.join(path.dirname(module.parent.filename), "package.json")),
+
+    var pkg = getPackageJson()
         vcapApplication;
@@ -11,0 +23,0 @@

New alerts

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

16573

increased by15.8%

Lines of code

49

increased by25.64%

Number of lines in readme file

30

increased by1400%

No dependency changes