detect-node-support - npm Package Compare versions

Comparing version 1.4.2 to 1.5.0

lib/deps.js

@@ -34,3 +34,3 @@ 'use strict';
 
-        if (dep.root === dep) {
+        if (dep.isProjectRoot) {
             // root node is not a dep, really
@@ -45,3 +45,3 @@ continue;
 
-        if (!options.deep && ![...dep.edgesIn].some(({ from }) => from === arborist.idealTree)) {
+        if (!options.deep && ![...dep.edgesIn].some(({ from }) => from.isProjectRoot)) {
             continue;
@@ -48,0 +48,0 @@ }

lib/loader/repository.js

 'use strict';
 
 const GitUrlParse = require('git-url-parse');
-const Wreck = require('@hapi/wreck');
 
 const Logger = require('../logger');
+const OctokitWrapper = require('./octokit-wrapper');
 const Utils = require('../utils');
@@ -33,3 +33,3 @@
         },
-        loadFile: async (filename, options) => {
+        loadFile: async (filename, options = {}) => {
 
@@ -40,24 +40,38 @@ if (parsedRepository.source !== 'github.com') {
 
-            const url = `https://raw.githubusercontent.com/${parsedRepository.full_name}/HEAD/${filename}`;
-            Logger.log(['loader'], 'Loading: %s', url);
+            const resource = `${parsedRepository.full_name}:${filename}@HEAD`;
+            Logger.log(['loader'], 'Loading: %s', resource);
 
-            if (options === undefined && internals.cache.has(url)) {
-                Logger.log(['loader'], 'From cache: %s', url);
-                return internals.cache.get(url);
-            }
+            const octokit = OctokitWrapper.create();
 
             try {
-                const { payload } = await Wreck.get(url, options);
 
-                if (options === undefined) {
-                    internals.cache.set(url, payload);
+                let result;
+                if (internals.cache.has(resource)) {
+                    Logger.log(['loader'], 'From cache: %s', resource);
+                    result = internals.cache.get(resource);
                 }
+                else {
+                    result = await octokit.repos.getContent({
+                        owner: parsedRepository.owner,
+                        repo: parsedRepository.name,
+                        path: filename
+                    });
+                }
 
-                Logger.log(['loader'], 'Loaded: %s', url);
-                return payload;
+                internals.cache.set(resource, result);
+
+                Logger.log(['loader'], 'Loaded: %s', resource);
+
+                const content = Buffer.from(result.data.content, 'base64');
+
+                if (options.json) {
+                    return JSON.parse(content.toString());
+                }
+
+                return content;
             }
             catch (err) {
 
-                if (err.data && err.data.res.statusCode === 404) {
-                    Logger.log(['loader'], 'Not found: %s', url);
+                if (err.status === 404) {
+                    Logger.log(['loader'], 'Not found: %s', resource);
                     const error = new Error(`${repository} does not contain a ${filename}`);
@@ -68,3 +82,3 @@ error.code = 'ENOENT';
 
-                Logger.error(['loader'], 'Failed to load: %s', url);
+                Logger.error(['loader'], 'Failed to load: %s', resource);
                 throw err;
@@ -71,0 +85,0 @@ }

lib/package.js

@@ -48,3 +48,3 @@ 'use strict';
 
-    const packageJson = await loadFile('package.json', { json: 'force' });
+    const packageJson = await loadFile('package.json', { json: true });
 
@@ -51,0 +51,0 @@ const meta = {

package.json

 {
   "name": "detect-node-support",
-  "version": "1.4.2",
+  "version": "1.5.0",
   "description": "List the Node.js versions supported by the package/repository",
@@ -35,7 +35,8 @@ "bin": {
     "nock": "^13.0.0",
-    "sinon": "^9.0.0"
+    "sinon": "^10.0.0"
   },
   "dependencies": {
-    "@hapi/wreck": "^17.0.0",
-    "@npmcli/arborist": "^2.0.0",
+    "@npmcli/arborist": "^2.1.0",
+    "@octokit/plugin-throttling": "^3.2.2",
+    "@octokit/rest": "^18.0.0",
     "@pkgjs/nv": "0.1.0",
@@ -42,0 +43,0 @@ "debug": "^4.1.1",

README.md

@@ -7,2 +7,6 @@ # detect-node-support
 
+## Setup
+
+No setup is required, however if you do not have a `GH_TOKEN` environment limit, you will likely hit a request rate limit on Github API, which may result in very long wait times for retries.
+
 ## Usage (command line)
@@ -9,0 +13,0 @@

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

28708

increased by5.55%

Number of package files

19

increased by5.56%

Lines of code

545

increased by6.65%

Number of lines in readme file

151

increased by2.72%

Worsened metrics

Dependency count

11

increased by10%

Number of low supply chain risk alerts

4

increased by33.33%

Dependency changes

• + Added@octokit/plugin-throttling@^3.2.2

• + Added@octokit/rest@^18.0.0

• + Added@octokit/auth-token@2.5.0(transitive)

• + Added@octokit/core@3.6.0(transitive)

• + Added@octokit/endpoint@6.0.12(transitive)

• + Added@octokit/graphql@4.8.0(transitive)

• + Added@octokit/openapi-types@12.11.0(transitive)

• + Added@octokit/plugin-paginate-rest@2.21.3(transitive)

• + Added@octokit/plugin-request-log@1.0.4(transitive)

• + Added@octokit/plugin-rest-endpoint-methods@5.16.2(transitive)

• + Added@octokit/plugin-throttling@3.7.0(transitive)

• + Added@octokit/request@5.6.3(transitive)

• + Added@octokit/request-error@2.1.0(transitive)

• + Added@octokit/rest@18.12.0(transitive)

• + Added@octokit/types@6.41.0(transitive)

• + Addedbefore-after-hook@2.2.3(transitive)

• + Addedbottleneck@2.19.5(transitive)

• + Addeddeprecation@2.3.1(transitive)

• + Addedis-plain-object@5.0.0(transitive)

• + Addednode-fetch@2.7.0(transitive)

• + Addedtr46@0.0.3(transitive)

• + Addeduniversal-user-agent@6.0.1(transitive)

• + Addedwebidl-conversions@3.0.1(transitive)

• + Addedwhatwg-url@5.0.0(transitive)

• - Removed@hapi/wreck@^17.0.0

• Updated@npmcli/arborist@^2.1.0