detective - npm Package Compare versions

Comparing version 4.2.0 to 4.3.0

index.js

 var acorn = require('acorn');
 var walk = require('acorn/dist/walk');
-var escodegen = require('escodegen');
 var defined = require('defined');
@@ -51,7 +50,8 @@
             if (node.arguments.length) {
-                if (node.arguments[0].type === 'Literal') {
-                    modules.strings.push(node.arguments[0].value);
+                var arg = node.arguments[0];
+                if (arg.type === 'Literal') {
+                    modules.strings.push(arg.value);
                 }
                 else {
-                    modules.expressions.push(escodegen.generate(node.arguments[0]));
+                    modules.expressions.push(src.slice(arg.start, arg.end));
                 }
@@ -58,0 +58,0 @@ }

package.json

 {
   "name": "detective",
   "description": "find all require() calls by walking the AST",
-  "version": "4.2.0",
+  "version": "4.3.0",
   "repository": {
@@ -21,4 +21,3 @@ "type": "git",
     "acorn": "^1.0.3",
-    "defined": "^1.0.0",
-    "escodegen": "^1.4.1"
+    "defined": "^1.0.0"
   },
@@ -25,0 +24,0 @@ "devDependencies": {

test/files/both.js

 require('a');
 require('b');
-require('c'+x);
-var moo = require('d'+y).moo;
+require('c' + x);
+var moo = require('d' + y).moo;

New alerts

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Fixed alerts

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Improved metrics

Dependency count

2

decreased by-33.33%

Worsened metrics

Total package byte prevSize

16735

decreased by-0.31%

Dependency changes

• - Removedescodegen@^1.4.1

• - Removeddeep-is@0.1.4(transitive)

• - Removedescodegen@1.14.3(transitive)

• - Removedesprima@4.0.1(transitive)

• - Removedestraverse@4.3.0(transitive)

• - Removedesutils@2.0.3(transitive)

• - Removedfast-levenshtein@2.0.6(transitive)

• - Removedlevn@0.3.0(transitive)

• - Removedoptionator@0.8.3(transitive)

• - Removedprelude-ls@1.1.2(transitive)

• - Removedsource-map@0.6.1(transitive)

• - Removedtype-check@0.3.2(transitive)

• - Removedword-wrap@1.2.5(transitive)