detective - npm Package Compare versions
Comparing version 0.0.0 to 0.0.1
@@ -1,2 +0,2 @@ | ||
| var detective = require('../'); | ||
| var detective = require('detective'); | ||
| var fs = require('fs'); | ||
@@ -3,0 +3,0 @@ |
17
index.js
@@ -25,4 +25,21 @@ var burrito = require('burrito'); | ||
| } | ||
| var isDotRequire = (node.name === 'dot' || node.name === 'call') | ||
| && node.value[0][0] === 'call' | ||
| && node.value[0][1][0] === 'name' | ||
| && node.value[0][1][1] === 'require' | ||
| ; | ||
| if (isDotRequire) { | ||
| var expr = node.value[0][2][0]; | ||
| if (expr[0].name === 'string') { | ||
| modules.strings.push(expr[1]); | ||
| } | ||
| else { | ||
| modules.expressions.push(burrito.deparse(expr)); | ||
| } | ||
| } | ||
| }); | ||
| return modules; | ||
| }; |
| { | ||
| "name" : "detective", | ||
| "description" : "Find all calls to require() no matter how crazily nested using a proper walk of the AST", | ||
| "version" : "0.0.0", | ||
| "version" : "0.0.1", | ||
| "repository" : { | ||
@@ -6,0 +6,0 @@ "type" : "git", |
@@ -9,3 +9,3 @@ var assert = require('assert'); | ||
| assert.deepEqual(modules.strings, [ 'a', 'b' ]); | ||
| assert.deepEqual(modules.expressions, [ '"c"+x' ]); | ||
| assert.deepEqual(modules.expressions, [ '"c"+x', '"d"+y' ]); | ||
| }; |
| require('a'); | ||
| require('b'); | ||
| require('c'+x); | ||
| var moo = require('d'+y).moo; |
@@ -1,3 +0,11 @@ | ||
| require('a'); | ||
| require('b'); | ||
| require('c'); | ||
| var a = require('a'); | ||
| var b = require('b'); | ||
| var c = require('c'); | ||
| var abc = a.b(c); | ||
| var EventEmitter = require('events').EventEmitter; | ||
| var x = require('doom')(5,6,7); | ||
| x(8,9); | ||
| c.require('notthis'); | ||
| var y = require('y') * 100; |
@@ -7,3 +7,3 @@ var assert = require('assert'); | ||
| exports.single = function () { | ||
| assert.deepEqual(detective(src), [ 'a', 'b', 'c' ]); | ||
| assert.deepEqual(detective(src), [ 'a', 'b', 'c', 'events', 'doom', 'y' ]); | ||
| }; |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by6.08%
13771
- Lines of code
- increased by7.22%
312
Worsened metrics
- Number of low supply chain risk alerts
- increased by16.67%
7