create-react-app
Advanced tools
create-react-app - npm Package Compare versions
Comparing version 1.2.1 to 1.3.0
112
index.js
@@ -63,2 +63,5 @@ #!/usr/bin/env node | ||
| var dns = require('dns'); | ||
| var tmp = require('tmp'); | ||
| var unpack = require('tar-pack').unpack; | ||
| var hyperquest = require('hyperquest'); | ||
@@ -205,19 +208,30 @@ var projectName; | ||
| var packageToInstall = getInstallPackage(version); | ||
| var packageName = getPackageName(packageToInstall); | ||
| var allDependencies = ['react', 'react-dom', packageToInstall]; | ||
| console.log('Installing packages. This might take a couple minutes.'); | ||
| console.log( | ||
| 'Installing ' + chalk.cyan('react') + ', ' + chalk.cyan('react-dom') + | ||
| ', and ' + chalk.cyan(packageName) + '...' | ||
| ); | ||
| console.log(); | ||
| var useYarn = shouldUseYarn(); | ||
| checkIfOnline(useYarn) | ||
| .then(function(isOnline) { | ||
| return install(useYarn, allDependencies, verbose, isOnline); | ||
| getPackageName(packageToInstall) | ||
| .then(function(packageName) { | ||
| return checkIfOnline(useYarn).then(function(isOnline) { | ||
| return { | ||
| isOnline: isOnline, | ||
| packageName: packageName, | ||
| }; | ||
| }); | ||
| }) | ||
| .then(function() { | ||
| .then(function(info) { | ||
| var isOnline = info.isOnline; | ||
| var packageName = info.packageName; | ||
| console.log( | ||
| 'Installing ' + chalk.cyan('react') + ', ' + chalk.cyan('react-dom') + | ||
| ', and ' + chalk.cyan(packageName) + '...' | ||
| ); | ||
| console.log(); | ||
| return install(useYarn, allDependencies, verbose, isOnline).then(function() { | ||
| return packageName; | ||
| }); | ||
| }) | ||
| .then(function(packageName) { | ||
| checkNodeVersion(packageName); | ||
@@ -245,2 +259,5 @@ | ||
| console.log(' ' + chalk.cyan(reason.command), 'has failed.') | ||
| } else { | ||
| console.log(chalk.red('Unexpected error. Please report it as a bug:')); | ||
| console.log(reason); | ||
| } | ||
@@ -288,8 +305,63 @@ console.log(); | ||
| function getTemporaryDirectory() { | ||
| return new Promise(function(resolve, reject) { | ||
| // Unsafe cleanup lets us recursively delete the directory if it contains | ||
| // contents; by default it only allows removal if it's empty | ||
| tmp.dir({ unsafeCleanup: true }, function(err, tmpdir, callback) { | ||
| if (err) { | ||
| reject(err); | ||
| } else { | ||
| resolve({ | ||
| tmpdir: tmpdir, | ||
| cleanup: function() { | ||
| try { | ||
| callback(); | ||
| } catch (ignored) { | ||
| // Callback might throw and fail, since it's a temp directory the | ||
| // OS will clean it up eventually... | ||
| } | ||
| } | ||
| }); | ||
| } | ||
| }); | ||
| }); | ||
| } | ||
| function extractStream(stream, dest) { | ||
| return new Promise(function(resolve, reject) { | ||
| stream.pipe(unpack(dest, function(err) { | ||
| if (err) { | ||
| reject(err); | ||
| } else { | ||
| resolve(dest); | ||
| } | ||
| })); | ||
| }); | ||
| } | ||
| // Extract package name from tarball url or path. | ||
| function getPackageName(installPackage) { | ||
| if (installPackage.indexOf('.tgz') > -1) { | ||
| // The package name could be with or without semver version, e.g. react-scripts-0.2.0-alpha.1.tgz | ||
| // However, this function returns package name only without semver version. | ||
| return installPackage.match(/^.+\/(.+?)(?:-\d+.+)?\.tgz$/)[1]; | ||
| return getTemporaryDirectory().then(function(obj) { | ||
| var stream; | ||
| if (/^http/.test(installPackage)) { | ||
| stream = hyperquest(installPackage); | ||
| } else { | ||
| stream = fs.createReadStream(installPackage); | ||
| } | ||
| return extractStream(stream, obj.tmpdir).then(function() { | ||
| return obj; | ||
| }); | ||
| }).then(function(obj) { | ||
| var packageName = require(path.join(obj.tmpdir, 'package.json')).name; | ||
| obj.cleanup(); | ||
| return packageName; | ||
| }).catch(function(err) { | ||
| // The package name could be with or without semver version, e.g. react-scripts-0.2.0-alpha.1.tgz | ||
| // However, this function returns package name only without semver version. | ||
| console.log('Could not extract the package name from the archive: ' + err.message); | ||
| var assumedProjectName = installPackage.match(/^.+\/(.+?)(?:-\d+.+)?\.tgz$/)[1]; | ||
| console.log('Based on the filename, assuming it is "' + chalk.cyan(assumedProjectName) + '"'); | ||
| return Promise.resolve(assumedProjectName); | ||
| }); | ||
| } else if (installPackage.indexOf('git+') === 0) { | ||
@@ -299,8 +371,8 @@ // Pull package name out of git urls e.g: | ||
| // git+ssh://github.com/mycompany/react-scripts.git#v1.2.3 | ||
| return installPackage.match(/([^\/]+)\.git(#.*)?$/)[1]; | ||
| return Promise.resolve(installPackage.match(/([^\/]+)\.git(#.*)?$/)[1]); | ||
| } else if (installPackage.indexOf('@') > 0) { | ||
| // Do not match @scope/ when stripping off @version or @tag | ||
| return installPackage.charAt(0) + installPackage.substr(1).split('@')[0]; | ||
| return Promise.resolve(installPackage.charAt(0) + installPackage.substr(1).split('@')[0]); | ||
| } | ||
| return installPackage; | ||
| return Promise.resolve(installPackage); | ||
| } | ||
@@ -361,3 +433,3 @@ | ||
| } | ||
| // TODO: there should be a single place that holds the dependencies | ||
@@ -455,3 +527,3 @@ var dependencies = ['react', 'react-dom']; | ||
| } | ||
| return new Promise(function(resolve) { | ||
@@ -458,0 +530,0 @@ dns.resolve('registry.yarnpkg.com', function(err) { |
| { | ||
| "name": "create-react-app", | ||
| "version": "1.2.1", | ||
| "version": "1.3.0", | ||
| "keywords": [ | ||
@@ -27,5 +27,8 @@ "react" | ||
| "fs-extra": "^1.0.0", | ||
| "hyperquest": "^2.1.2", | ||
| "semver": "^5.0.3", | ||
| "tar-pack": "^3.4.0", | ||
| "tmp": "0.0.31", | ||
| "validate-npm-package-name": "^3.0.0" | ||
| } | ||
| } |
New alerts
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by15.06%
18286
- Lines of code
- increased by17.37%
473
Worsened metrics
- Dependency count
- increased by50%
9
- Number of low supply chain risk alerts
- increased by20%
6
Dependency changes
+ Addedhyperquest@^2.1.2
+ Addedtar-pack@^3.4.0
+ Addedtmp@0.0.31
+ Addedbalanced-match@1.0.2(transitive)
+ Addedblock-stream@0.0.9(transitive)
+ Addedbrace-expansion@1.1.11(transitive)
+ Addedbuffer-from@0.1.2(transitive)
+ Addedconcat-map@0.0.1(transitive)
+ Addedcore-util-is@1.0.3(transitive)
+ Addeddebug@2.6.9(transitive)
+ Addedduplexer2@0.0.2(transitive)
+ Addedfs.realpath@1.0.0(transitive)
+ Addedfstream@1.0.12(transitive)
+ Addedfstream-ignore@1.0.5(transitive)
+ Addedglob@7.2.3(transitive)
+ Addedhyperquest@2.1.3(transitive)
+ Addedinflight@1.0.6(transitive)
+ Addedinherits@2.0.4(transitive)
+ Addedisarray@0.0.11.0.0(transitive)
+ Addedminimatch@3.1.2(transitive)
+ Addedminimist@1.2.8(transitive)
+ Addedmkdirp@0.5.6(transitive)
+ Addedms@2.0.0(transitive)
+ Addedonce@1.4.0(transitive)
+ Addedos-tmpdir@1.0.2(transitive)
+ Addedpath-is-absolute@1.0.1(transitive)
+ Addedprocess-nextick-args@2.0.1(transitive)
+ Addedreadable-stream@1.0.341.1.142.3.8(transitive)
+ Addedrimraf@2.7.1(transitive)
+ Addedsafe-buffer@5.1.2(transitive)
+ Addedstring_decoder@0.10.311.1.1(transitive)
+ Addedtar@2.2.2(transitive)
+ Addedtar-pack@3.4.1(transitive)
+ Addedthrough2@0.6.5(transitive)
+ Addedtmp@0.0.31(transitive)
+ Addeduid-number@0.0.6(transitive)
+ Addedutil-deprecate@1.0.2(transitive)
+ Addedwrappy@1.0.2(transitive)
+ Addedxtend@4.0.2(transitive)