esbuild
Advanced tools
Comparing version 0.0.13 to 0.0.14
@@ -17,2 +17,13 @@ const fs = require('fs'); | ||
| // Clone the environment without "npm_" environment variables. If we don't do | ||
| // this, invoking this script via "npm install -g esbuild" will hang because | ||
| // our call to "npm install" below will magically be transformed into | ||
| // "npm install -g" and, I assume, deadlock waiting for the global lock. | ||
| const env = {}; | ||
| for (const key in process.env) { | ||
| if (!key.startsWith('npm_')) { | ||
| env[key] = process.env[key]; | ||
| } | ||
| } | ||
| // Run "npm install" recursively to install this specific package | ||
@@ -23,3 +34,3 @@ const tempDir = path.join(__dirname, '.temp'); | ||
| child_process.execSync(`npm install --silent --prefer-offline --no-audit --progress=false ${package}@${version}`, | ||
| { cwd: tempDir, stdio: 'inherit' }); | ||
| { cwd: tempDir, stdio: 'inherit', env }); | ||
@@ -39,3 +50,2 @@ // Move the installed files into the node_modules folder we're in | ||
| moveFilesRecursive(sourceEntry, targetEntry); | ||
| fs.rmdirSync(sourceEntry); | ||
| } else if (entry !== 'package.json') { | ||
@@ -47,2 +57,3 @@ fs.renameSync(sourceEntry, targetEntry); | ||
| } | ||
| fs.rmdirSync(source); | ||
| } |
| { | ||
| "name": "esbuild", | ||
| "version": "0.0.13", | ||
| "version": "0.0.14", | ||
| "description": "An extremely fast JavaScript bundler and minifier.", | ||
@@ -5,0 +5,0 @@ "repository": "https://github.com/evanw/esbuild", |
New alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package
Improved metrics
- Total package byte prevSize
- increased by23.33%
2199
- Lines of code
- increased by25%
50
Worsened metrics
- Number of low supply chain risk alerts
- increased by200%
3
No dependency changes