esbuild
Advanced tools
Comparing version 0.0.13 to 0.0.14
@@ -17,2 +17,13 @@ const fs = require('fs'); | ||
// Clone the environment without "npm_" environment variables. If we don't do | ||
// this, invoking this script via "npm install -g esbuild" will hang because | ||
// our call to "npm install" below will magically be transformed into | ||
// "npm install -g" and, I assume, deadlock waiting for the global lock. | ||
const env = {}; | ||
for (const key in process.env) { | ||
if (!key.startsWith('npm_')) { | ||
env[key] = process.env[key]; | ||
} | ||
} | ||
// Run "npm install" recursively to install this specific package | ||
@@ -23,3 +34,3 @@ const tempDir = path.join(__dirname, '.temp'); | ||
child_process.execSync(`npm install --silent --prefer-offline --no-audit --progress=false ${package}@${version}`, | ||
{ cwd: tempDir, stdio: 'inherit' }); | ||
{ cwd: tempDir, stdio: 'inherit', env }); | ||
@@ -39,3 +50,2 @@ // Move the installed files into the node_modules folder we're in | ||
moveFilesRecursive(sourceEntry, targetEntry); | ||
fs.rmdirSync(sourceEntry); | ||
} else if (entry !== 'package.json') { | ||
@@ -47,2 +57,3 @@ fs.renameSync(sourceEntry, targetEntry); | ||
} | ||
fs.rmdirSync(source); | ||
} |
{ | ||
"name": "esbuild", | ||
"version": "0.0.13", | ||
"version": "0.0.14", | ||
"description": "An extremely fast JavaScript bundler and minifier.", | ||
@@ -5,0 +5,0 @@ "repository": "https://github.com/evanw/esbuild", |
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package
2199
50
3