dotcom-tool-kit
Advanced tools
dotcom-tool-kit - npm Package Compare versions
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"rc-file.d.ts","sourceRoot":"","sources":["../src/rc-file.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAA;AAErD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,SAAS,CAAA;AA0BrC,eAAO,MAAM,kBAAkB,uBAAuB,CAAA;AACtD,eAAO,MAAM,qBAAqB,2BAA2B,CAAA;AAoB7D,wBAAsB,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAsEjF"} | ||
| {"version":3,"file":"rc-file.d.ts","sourceRoot":"","sources":["../src/rc-file.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAA;AAErD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,SAAS,CAAA;AA0BrC,eAAO,MAAM,kBAAkB,uBAAuB,CAAA;AACtD,eAAO,MAAM,qBAAqB,2BAA2B,CAAA;AA6B7D,wBAAsB,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAwEjF"} |
+12
-1
@@ -39,2 +39,11 @@ "use strict"; | ||
| }; | ||
| const toolKitEnv = { | ||
| identify: () => false, | ||
| tag: '!toolkit/env', | ||
| // we return the value of the environment variable here, even if it's | ||
| // undefined. this undefined value will usually be handled during option | ||
| // validation (e.g., converting to a default value if one is specified in | ||
| // the Zod schema.) | ||
| resolve: (envVar) => process.env[envVar] | ||
| }; | ||
| async function loadToolKitRC(logger, root) { | ||
@@ -54,3 +63,5 @@ const configPath = path.join(root, '.toolkitrc.yml'); | ||
| } | ||
| const configDoc = YAML.parseDocument(rawConfig, { customTags: [toolKitOption, toolKitIfDefined] }); | ||
| const configDoc = YAML.parseDocument(rawConfig, { | ||
| customTags: [toolKitOption, toolKitIfDefined, toolKitEnv] | ||
| }); | ||
| // go back and search for the parsed if-defined tag and include a string | ||
@@ -57,0 +68,0 @@ // identifier so we can resolve all the tags in a JS object once we've loaded |
+2
-2
| { | ||
| "name": "dotcom-tool-kit", | ||
| "version": "5.1.0", | ||
| "version": "5.2.0-beta.1", | ||
| "description": "modern, maintainable, modular developer tooling for FT.com projects", | ||
@@ -63,2 +63,2 @@ "author": "FT.com Platforms Team <platforms-team.customer-products@ft.com>", | ||
| } | ||
| } | ||
| } |
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
107721
0.38%- Lines of code
1717
0.64%Worsened metrics
- Number of low quality alerts
1
Infinity%- Number of low supply chain risk alerts
5
25%