exec-sync - npm Package Compare versions

Comparing version 0.1.0 to 0.1.1

bin/index.js

 (function() {
-  var FFI, fs, libc, uniqId, uniqIdK;
+  var FFI, fs, libc, tmpDir, uniqId, uniqIdK;
 
@@ -19,9 +19,26 @@ FFI = require("node-ffi");
 
+  tmpDir = function() {
+    var dir, name, _i, _len, _ref;
+    _ref = ['TMPDIR', 'TMP', 'TEMP'];
+    for (_i = 0, _len = _ref.length; _i < _len; _i++) {
+      name = _ref[_i];
+      if (process.env[name] != null) {
+        dir = process.env[name];
+        if (dir.charAt(dir.length - 1) === '/') {
+          return dir.substr(0, dir.length - 1);
+        }
+        return dir;
+      }
+    }
+    return '/tmp';
+  };
+
   module.exports = function(cmd) {
-    var result, tmp;
+    var dir, result, tmp;
     tmp = uniqId() + '.tmp';
-    cmd = "" + cmd + " > " + __dirname + "/" + tmp;
+    dir = tmpDir();
+    cmd = "" + cmd + " > " + dir + "/" + tmp;
     libc.system(cmd);
-    result = fs.readFileSync("" + __dirname + "/" + tmp);
-    fs.unlinkSync("" + __dirname + "/" + tmp);
+    result = fs.readFileSync("" + dir + "/" + tmp);
+    fs.unlinkSync("" + dir + "/" + tmp);
     result = "" + result;
@@ -28,0 +45,0 @@ if (result.charAt(result.length - 1) === "\n") {

package.json

 {
     "name": "exec-sync",
-    "version": "0.1.0",
+    "version": "0.1.1",
     "description": "Execute shell command synchronously. Use this for migration scripts, cli programs, but not for regular server code.",
@@ -5,0 +5,0 @@ "keywords": [

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

4967

increased by19.49%

Lines of code

42

increased by61.54%

Worsened metrics

Number of low supply chain risk alerts

3

increased by200%

No dependency changes