extract-zip - npm Package Compare versions

Comparing version 1.6.4 to 1.6.5

index.js

@@ -60,3 +60,3 @@ var fs = require('fs')
 
-        fs.realpath(destDir, function (err, canonicalDestDir) {
+        mkdirp(destDir, function (err) {
           if (err) {
@@ -68,12 +68,3 @@ cancelled = true
 
-          var relativeDestDir = path.relative(opts.dir, canonicalDestDir)
-
-          if (relativeDestDir.split(path.sep).indexOf('..') !== -1) {
-            cancelled = true
-            zipfile.close()
-            return cb(new Error('Out of bound path "' + canonicalDestDir + '" found while processing file ' + entry.fileName))
-          }
-
-          extractEntry(entry, function (err) {
-            // if any extraction fails then abort everything
+          fs.realpath(destDir, function (err, canonicalDestDir) {
             if (err) {
@@ -84,4 +75,21 @@ cancelled = true
             }
-            debug('finished processing', entry.fileName)
-            zipfile.readEntry()
+
+            var relativeDestDir = path.relative(opts.dir, canonicalDestDir)
+
+            if (relativeDestDir.split(path.sep).indexOf('..') !== -1) {
+              cancelled = true
+              zipfile.close()
+              return cb(new Error('Out of bound path "' + canonicalDestDir + '" found while processing file ' + entry.fileName))
+            }
+
+            extractEntry(entry, function (err) {
+              // if any extraction fails then abort everything
+              if (err) {
+                cancelled = true
+                zipfile.close()
+                return cb(err)
+              }
+              debug('finished processing', entry.fileName)
+              zipfile.readEntry()
+            })
           })
@@ -88,0 +96,0 @@ })

package.json

 {
   "name": "extract-zip",
-  "version": "1.6.4",
+  "version": "1.6.5",
   "description": "unzip a zip file into a directory using 100% javascript",
@@ -14,6 +14,3 @@ "main": "index.js",
   "license": "BSD-2-Clause",
-  "repository": {
-    "type": "git",
-    "url": "git+ssh://git@github.com/erisds/extract-zip-fork.git"
-  },
+  "repository": "maxogden/extract-zip",
   "keywords": [
@@ -24,6 +21,2 @@ "unzip",
   ],
-  "bugs": {
-    "url": "https://github.com/maxogden/extract-zip/issues"
-  },
-  "homepage": "https://github.com/maxogden/extract-zip",
   "dependencies": {
@@ -38,3 +31,4 @@ "concat-stream": "1.6.0",
     "standard": "^5.2.2",
-    "tape": "^4.2.0"
+    "tape": "^4.2.0",
+    "temp": "^0.8.3"
   },
@@ -41,0 +35,0 @@ "directories": {

readme.md

@@ -9,2 +9,3 @@ # extract-zip
 [![js-standard-style](https://cdn.rawgit.com/feross/standard/master/badge.svg)](https://github.com/feross/standard)
+[![Build Status](https://travis-ci.org/maxogden/extract-zip.svg?branch=master)](https://travis-ci.org/maxogden/extract-zip)
 
@@ -11,0 +12,0 @@ ## Installation

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

No bug tracker

Maintenance

Package does not have a linked bug tracker in package.json.

Found 1 instance in 1 package

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

No website

Quality

Package does not have a website.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

9100

increased by2.17%

Lines of code

183

increased by3.98%

Number of lines in readme file

50

increased by2.04%

Worsened metrics

Dev dependency count

4

increased by33.33%

Number of low maintenance alerts

1

increased byInfinity%

Number of low quality alerts

1

increased byInfinity%

Number of low supply chain risk alerts

2

increased by100%

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes