component-set - npm Package Compare versions

Comparing version 0.2.0 to 0.2.1

bin/utils.js

 
-var Promise = require('laissez-faire/full')
-  , ghtag = require('github-latest')
-  , log = require('./logger')
-  , fs = require('fs')
+var lift = require('lift-result/cps')
+var ghtag = lift(require('github-latest'))
+var Result = require('result')
+var log = require('./logger')
+var fs = require('fs')
 
-exports.getDeps = getDeps
-exports.add = add
-
 exports.parseKeyValue = function(dep){
@@ -15,4 +13,5 @@ // github shorthand
 		var key = m[1] + '/' + m[2]
-		if (m[3]) return new Promise().write([key, m[3]])
+		if (m[3]) return Result.wrap([key, m[3]])
 		return exports.latest(m[1], m[2]).then(function(tag){
+			if (tag == 'master') tag = '*'
 			return [key, tag]
@@ -26,12 +25,10 @@ })
 exports.latest = function(user, repo){
-	var p = new Promise
 	log.info('fetching', 'latest tag for %s/%s', user, repo)
-	ghtag(user, repo, function(e, tag){
-		if (e) log.info('error', 'unable to find the latest tag for %s/%s (%s)', user, repo, e.message)
-		p.write(tag || 'master')
+	return ghtag(user, repo).then(null, function(e){
+		log.info('error', 'unable to find the latest tag for %s/%s (%s)', user, repo, e.message)
+		return 'master'
 	})
-	return p
 }
 
-function getDeps(file){
+exports.getDeps = function(file){
 	if (!fs.existsSync(file)) throw new Error('no component.json')
@@ -48,4 +45,4 @@ return JSON.parse(fs.readFileSync(file, 'utf8'))
 
-function add(key, tag, opts){
-	var json = getDeps(opts.file)
+exports.add = function(key, tag, opts){
+	var json = exports.getDeps(opts.file)
 
@@ -52,0 +49,0 @@ // --development

package.json

 {
   "name": "component-set",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "add dependencies to component.json",
@@ -21,8 +21,8 @@ "bin": {
   "dependencies": {
-    "laissez-faire": "~0.12.4",
-    "commander": "~1.1.1",
-    "foreach": "http://github.com/jkroso/forEach/tarball/0.6.0",
-    "github-latest": "http://github.com/jkroso/github-latest/tarball/fe495ff"
-  },
-  "devDependencies": {}
+    "result": "0.4.2",
+    "commander": "2.0.0",
+    "lift-result": "0.1.1",
+    "foreach": "http://github.com/jkroso/forEach/tarball/0.8.7",
+    "github-latest": "http://github.com/jkroso/github-latest/tarball/0.2.1"
+  }
 }

New alerts

HTTP dependency

Supply chain risk

Contains a dependency which resolves to a remote HTTP URL which could be used to inject untrusted code and reduce overall package reliability.

Found 2 instances in 1 package

Fixed alerts

HTTP dependency

Supply chain risk

Contains a dependency which resolves to a remote HTTP URL which could be used to inject untrusted code and reduce overall package reliability.

Found 2 instances in 1 package

Improved metrics

Total package byte prevSize

41473

increased by0.43%

Number of package files

10

increased by11.11%

Worsened metrics

Dependency count

5

increased by25%

Lines of code

154

decreased by-1.28%

Dependency changes

• + Addedlift-result@0.1.1

• + Addedresult@0.4.2

• + Addedcommander@2.0.0(transitive)

• + Addedlift-result@0.1.1(transitive)

• + Addedresult@0.4.2(transitive)

• + Addedresult-core@1.1.2(transitive)

• + Addedresult-type@1.0.0(transitive)

• - Removedlaissez-faire@~0.12.4

• - Removedcommander@1.1.1(transitive)

• - Removedkeypress@0.1.0(transitive)

• - Removedlaissez-faire@0.12.4(transitive)

• Updatedcommander@2.0.0

• Updatedforeach@http://github.com/jkroso/forEach/tarball/0.8.7

• Updatedgithub-latest@http://github.com/jkroso/github-latest/tarball/0.2.1