detect-package-manager - npm Package Compare versions

Comparing version 1.1.0 to 2.0.0

package.json

 {
   "name": "detect-package-manager",
-  "version": "1.1.0",
+  "version": "2.0.0",
   "description": "Detect which package manager you're using (yarn or npm)",
@@ -9,5 +9,12 @@ "repository": {
   },
-  "main": "index.js",
+  "main": "dist/index.js",
+  "module": "dist/index.mjs",
+  "exports": {
+    ".": {
+      "require": "./dist/index.js",
+      "default": "./dist/index.mjs"
+    }
+  },
   "files": [
-    "index.js"
+    "dist"
   ],
@@ -19,7 +26,9 @@ "keywords": [
     "detect",
-    "check"
+    "check",
+    "pnpm"
   ],
   "scripts": {
-    "test": "npm run lint && ava",
-    "lint": "xo"
+    "build": "tsup src/index.ts --format esm,cjs --dts",
+    "test": "node -r sucrase/register test.ts",
+    "prepublishOnly": "npm run build"
   },
@@ -29,13 +38,15 @@ "author": "egoist <0x142857@gmail.com>",
   "dependencies": {
-    "execa": "^0.8.0",
-    "path-exists": "^3.0.0"
+    "execa": "^5.1.1"
   },
   "devDependencies": {
-    "ava": "^0.21.0",
-    "eslint-config-rem": "^3.0.0",
-    "xo": "^0.18.0"
+    "@types/node": "^16.11.4",
+    "ava": "^3.15.0",
+    "sucrase": "^3.20.3",
+    "tsup": "^5.4.4",
+    "typescript": "^4.4.4",
+    "uvu": "^0.5.2"
   },
-  "xo": {
-    "extends": "rem"
+  "engines": {
+    "node": ">=12"
   }
 }

README.md

@@ -8,5 +8,5 @@
 
-1. When there's `yarn.lock` or `package-lock.json` in current working directory, it will skip other operations and directly resolves `yarn` or `npm`
-2. When there's no lockfile was found, it checks if `yarn` command exists. If so it resolves `yarn` otherwise `npm`
-3. Results are cached
+1. When there's `yarn.lock`, `package-lock.json`, or `pnpm-lock.yaml` in current working directory, it will skip other operations and directly resolve `yarn`, `npm`, or `pnpm`.
+2. When there's no lockfile found, it checks if `yarn` and `pnpm` command exists. If so, it resolves `yarn` or `pnpm` otherwise `npm`.
+3. Results are cached.
 
@@ -22,8 +22,8 @@ ## Install
 ```js
-const detectPackageManager = require('detect-package-manager')
+const { detect } = require('detect-package-manager')
 
-detectPackageManager()
+detect()
   .then(pm => {
     console.log(pm)
-    //=> 'yarn' or 'npm'
+    //=> 'yarn', 'npm', or 'pnpm'
   })
@@ -34,25 +34,22 @@ ```
 
-### detectPackageManager([opts])
+### detect([opts])
 
-Return: `Promise<pm>`
+- Arguments:
+  - `opts.cwd`: `string` Optional, defaults to `.`, the directory to look up `yarn.lock`, `package-lock.json`, or `pnpm-lock.yaml`.
+- Returns: `Promise<PM>`
 
-It returns a Promise resolving the name of package manager, could be either `npm` or `yarn`.
+It returns a Promise resolving the name of package manager, could be `npm`, `yarn`, or `pnpm`.
 
-#### opts
+### getNpmVersion([pm])
 
-##### cwd
+- Arguments:
+  - `pm`: `string` Optional, defaults to `npm`, could be `npm`, `yarn`, or `pnpm`
+- Returns: `Promise<string>`
 
-Type: `string`<br>
-Default: `.`
+It returns a Promise resolving the version of npm or the package manager you specified.
 
-The directory to look up `yarn.lock` or `package-lock.json`.
+### clearCache()
 
-### detectPackageManager.npmVersion()
+- Returns: `void`
 
-Return: `Promise<version>`
-
-It returns a Promise resolving the version of npm.
-
-### detectPackageManager.clearCache()
-
 Clear cache.
@@ -59,0 +56,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

9710

increased by82.42%

Dependency count

1

decreased by-50%

Number of package files

6

increased by50%

Lines of code

186

increased by332.56%

Worsened metrics

Dev dependency count

6

increased by100%

Number of lines in readme file

69

decreased by-4.17%

Number of low supply chain risk alerts

2

increased byInfinity%

Number of medium supply chain risk alerts

2

increased byInfinity%

Dependency changes

• + Addedcross-spawn@7.0.5(transitive)

• + Addedexeca@5.1.1(transitive)

• + Addedget-stream@6.0.1(transitive)

• + Addedhuman-signals@2.1.0(transitive)

• + Addedis-stream@2.0.1(transitive)

• + Addedmerge-stream@2.0.0(transitive)

• + Addedmimic-fn@2.1.0(transitive)

• + Addednpm-run-path@4.0.1(transitive)

• + Addedonetime@5.1.2(transitive)

• + Addedpath-key@3.1.1(transitive)

• + Addedshebang-command@2.0.0(transitive)

• + Addedshebang-regex@3.0.0(transitive)

• + Addedstrip-final-newline@2.0.0(transitive)

• + Addedwhich@2.0.2(transitive)

• - Removedpath-exists@^3.0.0

• - Removedcross-spawn@5.1.0(transitive)

• - Removedexeca@0.8.0(transitive)

• - Removedget-stream@3.0.0(transitive)

• - Removedis-stream@1.1.0(transitive)

• - Removedlru-cache@4.1.5(transitive)

• - Removednpm-run-path@2.0.2(transitive)

• - Removedp-finally@1.0.0(transitive)

• - Removedpath-exists@3.0.0(transitive)

• - Removedpath-key@2.0.1(transitive)

• - Removedpseudomap@1.0.2(transitive)

• - Removedshebang-command@1.2.0(transitive)

• - Removedshebang-regex@1.0.0(transitive)

• - Removedstrip-eof@1.0.0(transitive)

• - Removedwhich@1.3.1(transitive)

• - Removedyallist@2.1.2(transitive)

• Updatedexeca@^5.1.1