dpdm-fast - npm Package Compare versions

Comparing version 1.0.5 to 1.0.6

package.json

 {
   "name": "dpdm-fast",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "private": false,
@@ -38,7 +38,6 @@ "description": "Analyze circular dependencies in your JavaScript/TypeScript projects with Rust.",
     "target/x86_64-unknown-linux-musl/release/dpdm",
-    "target/x86_64-pc-windows-gnu/release/dpdm",
-    "target/aarch64-pc-windows-gnu/release/dpdm"
+    "target/x86_64-pc-windows-gnu/release/dpdm"
   ],
   "bin": {
-    "dpdm": "target/release/dpdm"
+    "dpdm": "scripts/dpdm.js"
   },
@@ -63,4 +62,3 @@ "sideEffects": [
     "test": "echo 'Pass'",
-    "demo": "tsx ./src/bin/dpdm.ts -T ./example/index.js",
-    "postinstall": "node scripts/dpdm.js"
+    "demo": "tsx ./src/bin/dpdm.ts -T ./example/index.js"
   },
@@ -67,0 +65,0 @@ "repository": {

scripts/dpdm.js

@@ -1,4 +0,6 @@
-const fs = require('fs');
+#!/usr/bin/env node
+
 const path = require('path');
 const os = require('os');
+const { spawn } = require('child_process');
 
@@ -12,36 +14,25 @@ const platform = os.platform();
   'darwin-arm64': 'aarch64-apple-darwin',
-  // 'darwin-x64': 'x86_64-apple-darwin',
+  'darwin-x64': 'x86_64-apple-darwin',
   'linux-arm64': 'aarch64-unknown-linux-musl',
   'linux-x64': 'x86_64-unknown-linux-musl',
-  'win32-x64': 'x86_64-pc-windows-gnu',
-  'win32-arm64': 'aarch64-pc-windows-gnu',
+  'win32-x64': 'x86_64-pc-windows-gnu'
 };
 
-const binName = platform === 'win32' ? 'dpdm.exe' : 'dpdm';
-
 const sourceDir = path.join(__dirname, '../target', keyStore[key], 'release');
-const sourceFile = path.join(sourceDir, binName);
+const binFile = path.join(
+  sourceDir,
+  platform === 'win32' ? 'dpdm.exe' : 'dpdm',
+);
 
-const targetDir = path.join(__dirname, '../target', 'release');
-const targetFile = path.join(targetDir, binName);
+const args = process.argv.slice(2);
 
-if (!fs.existsSync(targetDir)) {
-  fs.mkdirSync(targetDir, { recursive: true });
-}
-fs.copyFile(sourceFile, targetFile, (err) => {
-  if (err) {
-    console.error('Copy failed:', err);
-  }
+const child = spawn(binFile, args, { stdio: 'inherit' });
+
+child.on('close', (code) => {
+  process.exit(code);
 });
 
-if (platform === 'win32') {
-  const packageJson = path.join(__dirname, '../package.json');
-  const packageJsonContent = fs.readFileSync(packageJson, 'utf8');
-  const packageJsonObj = JSON.parse(packageJsonContent);
-  packageJsonObj.bin = binName;
-  fs.writeFileSync(
-    packageJson,
-    JSON.stringify(packageJsonObj, null, 2),
-    'utf8',
-  );
-}
+child.on('error', (error) => {
+  console.error(`Failed to execute ${binFile}: ${error.message}`);
+  process.exit(error.code);
+});

New alerts

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Fixed alerts

Install scripts

Supply chain risk

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Number of high supply chain risk alerts

0

decreased by-100%

Number of low supply chain risk alerts

16

decreased by-5.88%

Worsened metrics

Total package byte prevSize

40942889

Lines of code

2734

decreased by-0.36%

Number of medium supply chain risk alerts

6

increased by20%

No dependency changes