detective - npm Package Compare versions

Comparing version 5.1.0 to 5.2.0

CHANGELOG.md

@@ -5,2 +5,5 @@ # detective Change Log
 
+## 5.2.0 - 2019-01-28
+* Use acorn-node's option defaults, adds support for new ES features (https://github.com/browserify/detective/pull/81)
+
 ## 5.1.0 - 2018-02-28
@@ -7,0 +10,0 @@ * Use acorn-node parser, which matches latest Node syntax support (https://github.com/browserify/detective/pull/78)

index.js

@@ -9,16 +9,16 @@ var acorn = require('acorn-node');
     if (!opts) opts = {};
-    return acorn.parse(src, {
-        ecmaVersion: defined(opts.ecmaVersion, 9),
-        sourceType: defined(opts.sourceType, 'script'),
+    var acornOpts = {
         ranges: defined(opts.ranges, opts.range),
         locations: defined(opts.locations, opts.loc),
         allowReserved: defined(opts.allowReserved, true),
-        allowReturnOutsideFunction: defined(
-            opts.allowReturnOutsideFunction, true
-        ),
-        allowImportExportEverywhere: defined(
-            opts.allowImportExportEverywhere, true
-        ),
-        allowHashBang: defined(opts.allowHashBang, true)
-    });
+        allowImportExportEverywhere: defined(opts.allowImportExportEverywhere, false)
+    };
+
+    // Use acorn-node's defaults for the rest.
+    if (opts.ecmaVersion != null) acornOpts.ecmaVersion = opts.ecmaVersion;
+    if (opts.sourceType != null) acornOpts.sourceType = opts.sourceType;
+    if (opts.allowHashBang != null) acornOpts.allowHashBang = opts.allowHashBang;
+    if (opts.allowReturnOutsideFunction != null) acornOpts.allowReturnOutsideFunction = opts.allowReturnOutsideFunction;
+
+    return acorn.parse(src, acornOpts);
 }
@@ -25,0 +25,0 @@

package.json

 {
   "name": "detective",
   "description": "find all require() calls by walking the AST",
-  "version": "5.1.0",
+  "version": "5.2.0",
   "author": {
@@ -12,3 +12,3 @@ "name": "James Halliday",
   "dependencies": {
-    "acorn-node": "^1.3.0",
+    "acorn-node": "^1.6.1",
     "defined": "^1.0.0",
@@ -15,0 +15,0 @@ "minimist": "^1.1.1"

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

20571

increased by5.01%

Number of package files

44

increased by7.32%

Lines of code

473

increased by4.42%

Worsened metrics

Number of low supply chain risk alerts

24

increased by14.29%

Dependency changes

• Updatedacorn-node@^1.6.1