fetch-ponyfill
Advanced tools
fetch-ponyfill - npm Package Compare versions
Comparing version 0.3.2 to 0.4.0
@@ -5,5 +5,5 @@ 'use strict'; | ||
| '"use strict"', | ||
| 'var window = {};', | ||
| require('fs').readFileSync(__dirname + '/node_modules/fetch/fetch.js', 'utf8'), | ||
| 'return window.fetch;' | ||
| 'var self = {};', | ||
| require('fs').readFileSync(__dirname + '/fetch.js', 'utf8'), | ||
| 'return self.fetch;' | ||
| ].join('\n'); | ||
@@ -10,0 +10,0 @@ |
| { | ||
| "name": "fetch-ponyfill", | ||
| "version": "0.3.2", | ||
| "version": "0.4.0", | ||
| "description": "A ponyfill (doesn't overwrite the native fetch) for the Fetch specification https://fetch.spec.whatwg.org.", | ||
@@ -16,4 +16,9 @@ "main": "index.js", | ||
| "dependencies": { | ||
| "fetch": "git://github.com/github/fetch#v0.3.2" | ||
| "brfs": "1.2.0" | ||
| }, | ||
| "browserify": { | ||
| "transform": [ | ||
| "brfs" | ||
| ] | ||
| } | ||
| } |
@@ -27,16 +27,1 @@ # Fetch Ponyfill | ||
| | `XMLHttpRequest` | The XMLHttpRequest constructor. This is useful to feed in when working with Firefox OS. Defaults to `window.XMLHttpRequest`. | | ||
| ## Warning | ||
| This module currently wraps [github/fetch](https://github.com/github/fetch) by tricking it into | ||
| leaving the window object alone by loading the source as a string and wrapping it in a | ||
| `new Function`. This means that: | ||
| - `brfs` must be used. | ||
| - `npm dedupe` should be avoided, since browserify and thus brfs do not have access to | ||
| `require.resolve` and `dedupe` may move fetch. See | ||
| [here](https://github.com/substack/brfs/issues/13). | ||
| I don't currently have time to support and keep a fork of fetch up to date with the spec as it | ||
| evolves. By wrapping fetch, I avoid that effort. However, the above restrictions may mean that in | ||
| the future I switch to a proper fork. |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Git dependency
Supply chain riskContains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by101.71%
8730
- Number of package files
- increased by20%
6
- Lines of code
- increased by1450%
186
- Number of high supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Number of lines in readme file
- decreased by-35.71%
27
Dependency changes
+ Addedbrfs@1.2.0
+ Addedacorn@7.4.1(transitive)
+ Addedamdefine@1.0.1(transitive)
+ Addedbrfs@1.2.0(transitive)
+ Addedbuffer-from@1.1.2(transitive)
+ Addedconcat-stream@1.6.2(transitive)
+ Addedcore-util-is@1.0.3(transitive)
+ Addedduplexer2@0.0.2(transitive)
+ Addedescodegen@0.0.281.3.3(transitive)
+ Addedesprima@1.0.41.1.1(transitive)
+ Addedestraverse@1.3.21.5.1(transitive)
+ Addedesutils@1.0.0(transitive)
+ Addedfalafel@2.2.5(transitive)
+ Addedhas@1.0.4(transitive)
+ Addedinherits@2.0.4(transitive)
+ Addedisarray@0.0.11.0.02.0.5(transitive)
+ Addedminimist@0.0.8(transitive)
+ Addedobject-inspect@0.4.0(transitive)
+ Addedobject-keys@0.4.0(transitive)
+ Addedprocess-nextick-args@2.0.1(transitive)
+ Addedquote-stream@0.0.0(transitive)
+ Addedreadable-stream@1.0.341.1.142.3.8(transitive)
+ Addedsafe-buffer@5.1.2(transitive)
+ Addedshallow-copy@0.0.1(transitive)
+ Addedsource-map@0.1.43(transitive)
+ Addedstatic-eval@0.2.4(transitive)
+ Addedstatic-module@1.5.0(transitive)
+ Addedstring_decoder@0.10.311.1.1(transitive)
+ Addedthrough2@0.4.2(transitive)
+ Addedtypedarray@0.0.6(transitive)
+ Addedutil-deprecate@1.0.2(transitive)
+ Addedxtend@2.1.2(transitive)