derequire - npm Package Compare versions

Comparing version 1.2.1 to 2.0.0

bin/cmd.js

@@ -6,2 +6,3 @@ #!/usr/bin/env node
 var fs = require('fs');
+
 var argv = require('yargs')
@@ -23,2 +24,3 @@ .options('t', {
    .argv;
+
 var file = argv._[0];
@@ -30,6 +32,6 @@ var input;
   input = process.stdin;
-} 
+}
 
 input.pipe(concat(function(buf) {
-    console.log(derequire(buf.toString('utf8'), argv.t, argv.f));
+  console.log(derequire(buf, argv.t, argv.f));
 }));

index.js

 'use strict';
 
-var estraverse = require('estraverse');
-var esprima = require('esprima-fb');
-var esrefactor = require('esrefactor');
-var _requireRegexp = /require.*\(.*['"]/m;
+var acorn = require('acorn');
+var escope = require('escope');
 
-function requireRegexp(token) {
-  if (token === 'require') {
-    return _requireRegexp;
+var requireRegexp = /\brequire\b/;
+
+function write(arr, str, offset) {
+  for (var i = 0, l = str.length; i < l; i++) {
+    arr[offset + i] = str[i];
   }
-  
-  return new RegExp(token + '.*\\(.*[\'"]', 'm');
 }
 
-function testParse (code) {
-  try {
-    return esprima.parse(code, { range: true });
-  } catch (e) {}
-}
+function rename(code, tokenTo, tokenFrom) {
 
-function rename(code, tokenTo, tokenFrom) {
-  tokenTo = tokenTo || '_dereq_';
-  tokenFrom = tokenFrom || 'require';
   var tokens;
   if (!Array.isArray(tokenTo)) {
     tokens = [{
-      to: tokenTo,
-      from: tokenFrom
+      from: tokenFrom || 'require',
+      to: tokenTo || '_dereq_'
     }];
@@ -34,43 +25,68 @@ } else {
   }
-  if(tokens.some(function (item) {
-    return item.to.length !== item.from.length;
-  })){
-      throw new Error('bad stuff will happen if you try to change tokens of different length');
-  }
-  
-  if (!tokens.some(function (item) {
-    var results = requireRegexp(item.from).test(code);
-    return results;
-  })) {
+
+  tokens.forEach(function(token) {
+    if (token.to.length !== token.from.length) {
+      throw new Error('"' + token.to + '" and "' + token.from + '" must be the same length');
+    }
+  });
+
+  if (tokens.length === 1 &&
+      tokens[0].from === 'require' &&
+      !requireRegexp.test(code)) {
     return code;
   }
-  
-  var inCode = '!function(){'+code+'\n;}';
-  var ast = testParse(inCode);
-  
-  if(!ast){
+
+  var ast;
+  try {
+    ast = acorn.parse(code, {
+      ecmaVersion: 6,
+      ranges: true,
+      allowReturnOutsideFunction: true
+    });
+  } catch(err) {
+    // this should probably log something and/or exit violently
     return code;
   }
-  var tokenNames = tokens.map(function (item) {
-    return item.from;
-  });
-  var ctx = new esrefactor.Context(ast);
-  ctx._code = inCode;
 
-  estraverse.traverse(ast,{
-    enter:function(node, parent) {
-      var index;
-      var test = parent &&
-        (parent.type === 'FunctionDeclaration' || parent.type === 'FunctionExpression' ||
-          parent.type === 'VariableDeclarator') &&
-        node.type === 'Identifier' && (index = tokenNames.indexOf(node.name)) !== -1;
-      if (test) {
-        ctx._code = ctx.rename(ctx.identify(node.range[0]), tokens[index].to);
+  //
+  // heavily inspired by https://github.com/estools/esshorten
+  //
+
+  code = String(code).split('');
+
+  var manager = escope.analyze(ast, {optimistic: true, ecmaVersion: 6});
+
+  for (var i = 0, iz = manager.scopes.length; i < iz; i++) {
+    var scope = manager.scopes[i];
+
+    for (var j = 0, jz = scope.variables.length; j < jz; j++) {
+      var variable = scope.variables[j];
+
+      if (variable.tainted || variable.identifiers.length === 0) {
+        continue;
       }
+
+      for (var k = 0, kz = tokens.length; k < kz; k++) {
+        var token = tokens[k];
+
+        if (variable.name !== token.from) {
+          continue;
+        }
+
+        for (var l = 0, lz = variable.identifiers.length; l < lz; l++) {
+          var def = variable.identifiers[l];
+          write(code, token.to, def.range[0]);
+        }
+
+        for (var m = 0, mz = variable.references.length; m < mz; m++) {
+          var ref = variable.references[m];
+          write(code, token.to, ref.identifier.range[0]);
+        }
+      }
     }
-  });
-  
-  return ctx._code.slice(12, -3);
+  }
+
+  return code.join('');
 }
 
 module.exports = rename;

package.json

 {
   "name": "derequire",
-  "version": "1.2.1",
+  "version": "2.0.0",
   "description": "remove requires",
@@ -10,4 +10,11 @@ "main": "index.js",
   "scripts": {
-    "test": "istanbul test _mocha test/test.js"
+    "test": "istanbul test _mocha test/test.js",
+    "perf": "node test/perf.js"
   },
+  "files": [
+    "bin/cmd.js",
+    "index.js",
+    "plugin.js",
+    "readme.md"
+  ],
   "repository": {
@@ -24,13 +31,12 @@ "type": "git",
   "dependencies": {
+    "acorn": "^0.12.0",
     "concat-stream": "^1.4.6",
-    "esprima-fb": "^10001.1.0-dev-harmony-fb",
-    "esrefactor": "~0.1.0",
-    "estraverse": "~1.9.1",
-    "yargs": "^1.3.1"
+    "escope": "^2.0.6",
+    "through2": "^0.6.3",
+    "yargs": "^3.4.5"
   },
   "devDependencies": {
-    "chai": "~1.8.1",
-    "mocha": "~1.16.2",
-    "istanbul": "~0.2.1"
+    "mocha": "^2.2.0",
+    "istanbul": "^0.3.7"
   }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Dev dependency count

2

decreased by-33.33%

Number of low supply chain risk alerts

1

decreased by-88.89%

Number of medium supply chain risk alerts

1

decreased by-92.86%

Worsened metrics

Total package byte prevSize

5110

decreased by-99.32%

Number of package files

5

decreased by-66.67%

Lines of code

119

decreased by-99.44%

Dependency changes

• + Addedacorn@^0.12.0

• + Addedescope@^2.0.6

• + Addedthrough2@^0.6.3

• + Addedacorn@0.12.0(transitive)

• + Addedansi-regex@2.1.1(transitive)

• + Addedcamelcase@2.1.1(transitive)

• + Addedcliui@3.2.0(transitive)

• + Addedcode-point-at@1.1.0(transitive)

• + Addedd@0.1.11.0.2(transitive)

• + Addeddecamelize@1.2.0(transitive)

• + Addedes5-ext@0.10.64(transitive)

• + Addedes6-iterator@0.1.32.0.3(transitive)

• + Addedes6-map@0.1.5(transitive)

• + Addedes6-set@0.1.6(transitive)

• + Addedes6-symbol@2.0.13.1.4(transitive)

• + Addedes6-weak-map@0.1.4(transitive)

• + Addedescope@2.0.7(transitive)

• + Addedesniff@2.0.1(transitive)

• + Addedesrecurse@1.2.0(transitive)

• + Addedevent-emitter@0.3.5(transitive)

• + Addedext@1.7.0(transitive)

• + Addedinvert-kv@1.0.0(transitive)

• + Addedis-fullwidth-code-point@1.0.0(transitive)

• + Addedisarray@0.0.1(transitive)

• + Addedlcid@1.0.0(transitive)

• + Addednext-tick@1.1.0(transitive)

• + Addednumber-is-nan@1.0.1(transitive)

• + Addedos-locale@1.4.0(transitive)

• + Addedreadable-stream@1.0.34(transitive)

• + Addedstring-width@1.0.2(transitive)

• + Addedstring_decoder@0.10.31(transitive)

• + Addedstrip-ansi@3.0.1(transitive)

• + Addedthrough2@0.6.5(transitive)

• + Addedtype@2.7.3(transitive)

• + Addedutil-extend@1.0.3(transitive)

• + Addedwindow-size@0.1.4(transitive)

• + Addedwrap-ansi@2.1.0(transitive)

• + Addedxtend@4.0.2(transitive)

• + Addedy18n@3.2.2(transitive)

• + Addedyargs@3.32.0(transitive)

• - Removedesprima-fb@^10001.1.0-dev-harmony-fb

• - Removedesrefactor@~0.1.0

• - Removedestraverse@~1.9.1

• - Removedescope@0.0.16(transitive)

• - Removedesprima@1.0.4(transitive)

• - Removedesprima-fb@10001.1.0-dev-harmony-fb(transitive)

• - Removedesrefactor@0.1.0(transitive)

• - Removedestraverse@0.0.4(transitive)

• - Removedyargs@1.3.3(transitive)

• Updatedyargs@^3.4.5