decompress - npm Package Compare versions

Comparing version 4.0.0 to 4.1.0

index.js

 'use strict';
-const fs = require('fs');
 const path = require('path');
+const fs = require('graceful-fs');
 const decompressTar = require('decompress-tar');
@@ -11,2 +11,3 @@ const decompressTarbz2 = require('decompress-tarbz2');
 const stripDirs = require('strip-dirs');
+
 const fsP = pify(fs);
@@ -45,9 +46,12 @@
 	return Promise.all(files.map(x => {
+		const dest = path.join(output, x.path);
+		const mode = x.mode & ~process.umask();
+		const now = new Date();
+
 		if (x.type === 'directory') {
-			return pify(mkdirp)(path.join(output, x.path)).then(() => x);
+			return pify(mkdirp)(dest)
+				.then(() => fsP.utimes(dest, now, x.mtime))
+				.then(() => x);
 		}
 
-		const dest = path.join(output, x.path);
-		const mode = x.mode & ~process.umask();
-
 		return pify(mkdirp)(path.dirname(dest))
@@ -59,2 +63,6 @@ .then(() => {
 
+				if (x.type === 'symlink' && process.platform === 'win32') {
+					return fsP.link(x.linkname, dest);
+				}
+
 				if (x.type === 'symlink') {
@@ -66,2 +74,3 @@ return fsP.symlink(x.linkname, dest);
 			})
+			.then(() => x.type === 'file' && fsP.utimes(dest, now, x.mtime))
 			.then(() => x);
@@ -68,0 +77,0 @@ }));

package.json

 {
   "name": "decompress",
-  "version": "4.0.0",
+  "version": "4.1.0",
   "description": "Extracting archives made easy",
@@ -37,5 +37,6 @@ "license": "MIT",
     "decompress-unzip": "^4.0.1",
+    "graceful-fs": "^4.1.10",
     "mkdirp": "^0.5.1",
     "pify": "^2.3.0",
-    "strip-dirs": "^1.1.1"
+    "strip-dirs": "^2.0.0"
   },
@@ -42,0 +43,0 @@ "devDependencies": {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

6042

increased by4.8%

Lines of code

78

increased by9.86%

Number of low supply chain risk alerts

1

decreased by-50%

Worsened metrics

Dependency count

8

increased by14.29%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addedgraceful-fs@^4.1.10

• + Addedgraceful-fs@4.2.11(transitive)

• + Addedis-natural-number@4.0.1(transitive)

• + Addedstrip-dirs@2.1.0(transitive)

• - Removedansi-regex@2.1.1(transitive)

• - Removedansi-styles@2.2.1(transitive)

• - Removedchalk@1.1.3(transitive)

• - Removedescape-string-regexp@1.0.5(transitive)

• - Removedget-stdin@4.0.1(transitive)

• - Removedhas-ansi@2.0.0(transitive)

• - Removedis-absolute@0.1.7(transitive)

• - Removedis-natural-number@2.1.1(transitive)

• - Removedis-relative@0.1.3(transitive)

• - Removedstrip-ansi@3.0.1(transitive)

• - Removedstrip-dirs@1.1.1(transitive)

• - Removedsum-up@1.0.3(transitive)

• - Removedsupports-color@2.0.0(transitive)

• Updatedstrip-dirs@^2.0.0