flavor-manager
Advanced tools
flavor-manager - npm Package Compare versions
Comparing version 1.0.0 to 1.1.0
| { | ||
| "name": "flavor-manager", | ||
| "version": "1.0.0", | ||
| "version": "1.1.0", | ||
| "description": "", | ||
@@ -8,3 +8,5 @@ "main": "src/index.js", | ||
| "scripts": { | ||
| "test": "snyk test" | ||
| "test": "snyk test", | ||
| "snyk-protect": "snyk protect", | ||
| "prepare": "npm run snyk-protect" | ||
| }, | ||
@@ -14,5 +16,6 @@ "author": "Fabio Cigliano <fabio.cigliano@gmail.com> (http://fabio.cigliano.name)", | ||
| "dependencies": { | ||
| "mkdirp": "^0.5.1", | ||
| "regex-replace-file": "^2.1.1", | ||
| "scandir": "^0.1.2", | ||
| "yargs": "^12.0.5" | ||
| "yargs": "^12.0.5", | ||
| "snyk": "^1.90.0" | ||
| }, | ||
@@ -22,5 +25,4 @@ "bin": { | ||
| }, | ||
| "devDependencies": { | ||
| "snyk": "^1.90.0" | ||
| } | ||
| "devDependencies": {}, | ||
| "snyk": true | ||
| } |
| const path = require('path') | ||
| const fs = require('fs') | ||
| const assert = require('assert') | ||
| const regexReplace = require('regex-replace-file') | ||
@@ -19,3 +21,16 @@ const rollback = require('./rollback') | ||
| const r = rollback.create(flavor) | ||
| const patchList = [] | ||
| // filter out files like example.patch.json | ||
| fileList = fileList.filter(filename => { | ||
| if (filename.endsWith('patch.json')) { | ||
| patchList.push(filename) | ||
| return false | ||
| } | ||
| return true | ||
| }) | ||
| // copy flavor file and structure | ||
| fileList.forEach(async file => { | ||
@@ -49,2 +64,46 @@ const sourceFile = path.join(sourceDir, file) | ||
| // apply patches | ||
| patchList.forEach(async file => { | ||
| console.info(`* apply patch ${file}`) | ||
| let data | ||
| let targetFile | ||
| let terms | ||
| try { | ||
| data = fs.readFileSync(path.join(sourceDir, file), {encoding: 'utf-8'}) | ||
| data = JSON.parse(data) | ||
| assert(data.file, 'missing patch.file attribute') | ||
| targetFile = path.join(targetDir, data.file) | ||
| assert(fs.existsSync(targetFile), `missing target file ${targetFile}`) | ||
| assert(data.replace, 'missing patch.replace attribute') | ||
| assert(data.replace.length > 0, 'missing patch.replace content') | ||
| terms = data.replace | ||
| } catch (err) { | ||
| console.error(`invalid patch file ${file}`, err) | ||
| return | ||
| } | ||
| for (var i = 0; i < terms.length; i++) { | ||
| let {search, replace} = terms[i] | ||
| // console.log(search, replace) | ||
| const m = /\$\((.*)\)/.exec(replace) | ||
| if (m) { | ||
| replace = eval(m[1]) | ||
| } | ||
| console.log(`* replace ${search} with ${replace} within ${data.file}`) | ||
| try { | ||
| await regexReplace(search, replace, targetFile, { | ||
| filenamesOnly: false, | ||
| fileContentsOnly: true | ||
| }) | ||
| } catch (err) { | ||
| console.error('err > regexReplace', err) | ||
| } | ||
| } | ||
| }) | ||
| return r.close() | ||
@@ -51,0 +110,0 @@ } |
| const fs = require('fs') | ||
| const path = require('path') | ||
| const mkdirp = require('mkdirp') | ||
@@ -6,0 +5,0 @@ function mkdirSync (targetDir) { |
New alerts
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by12.58%
14845
- Dev dependency count
- decreased by-100%
0
- Lines of code
- increased by11.35%
471
Worsened metrics
- Dependency count
- increased by33.33%
4
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Addedregex-replace-file@^2.1.1
+ Addedsnyk@^1.90.0
+ Added@sentry-internal/tracing@7.120.3(transitive)
+ Added@sentry/core@7.120.3(transitive)
+ Added@sentry/integrations@7.120.3(transitive)
+ Added@sentry/node@7.120.3(transitive)
+ Added@sentry/types@7.120.3(transitive)
+ Added@sentry/utils@7.120.3(transitive)
+ Addedboolean@3.2.0(transitive)
+ Addedcolors@0.5.1(transitive)
+ Addeddefine-data-property@1.1.4(transitive)
+ Addeddefine-properties@1.2.1(transitive)
+ Addeddetect-node@2.1.0(transitive)
+ Addedes-define-property@1.0.1(transitive)
+ Addedes-errors@1.3.0(transitive)
+ Addedes6-error@4.1.1(transitive)
+ Addedescape-string-regexp@4.0.0(transitive)
+ Addedfs-extra@4.0.3(transitive)
+ Addedglobal-agent@3.0.0(transitive)
+ Addedglobalthis@1.0.4(transitive)
+ Addedgopd@1.2.0(transitive)
+ Addedgraceful-fs@4.2.11(transitive)
+ Addedhas-property-descriptors@1.0.2(transitive)
+ Addedimmediate@3.0.6(transitive)
+ Addedjson-stringify-safe@5.0.1(transitive)
+ Addedjsonfile@4.0.0(transitive)
+ Addedlie@3.1.1(transitive)
+ Addedlocalforage@1.10.0(transitive)
+ Addedlru-cache@2.7.3(transitive)
+ Addedmatcher@3.0.0(transitive)
+ Addedminimatch@0.2.14(transitive)
+ Addednomnom@1.6.2(transitive)
+ Addedobject-keys@1.1.1(transitive)
+ Addedregex-replace-file@2.1.1(transitive)
+ Addedreplace@0.3.0(transitive)
+ Addedroarr@2.15.4(transitive)
+ Addedsemver@7.7.1(transitive)
+ Addedsemver-compare@1.0.0(transitive)
+ Addedserialize-error@7.0.1(transitive)
+ Addedsigmund@1.0.1(transitive)
+ Addedsnyk@1.1295.4(transitive)
+ Addedsprintf-js@1.1.3(transitive)
+ Addedtype-fest@0.13.1(transitive)
+ Addedunderscore@1.4.4(transitive)
+ Addeduniversalify@0.1.2(transitive)
- Removedmkdirp@^0.5.1
- Removedminimist@1.2.8(transitive)
- Removedmkdirp@0.5.6(transitive)