gh-release-fetch - npm Package Compare versions

Comparing version 3.0.2 to 4.0.0

dist/index.d.ts

 import { RequestInit } from 'node-fetch';
-declare type DownloadOptions = Pick<RequestInit, 'agent'>;
+type DownloadOptions = Pick<RequestInit, 'agent'>;
 export interface Release {
@@ -4,0 +4,0 @@ repository: string;

dist/index.js

@@ -1,12 +0,7 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.newerVersion = exports.updateAvailable = exports.fetchVersion = exports.fetchLatest = void 0;
-const fs_1 = require("fs");
-const download_1 = __importDefault(require("download"));
-const node_fetch_1 = __importDefault(require("node-fetch"));
-const semver_1 = require("semver");
-async function fetchLatest(release, fetchOptions) {
+import { promises as fs } from 'fs';
+// @ts-expect-error this module does not have types itself, we need to use `download` types
+import download from '@xhmikosr/downloader';
+import fetch from 'node-fetch';
+import { gt } from 'semver';
+export async function fetchLatest(release, fetchOptions) {
     // eslint-disable-next-line no-param-reassign
@@ -17,16 +12,13 @@ release.version = await resolveRelease(release.repository, fetchOptions);
 }
-exports.fetchLatest = fetchLatest;
-async function fetchVersion(release, { agent } = {}) {
+export async function fetchVersion(release, { agent } = {}) {
     validateRelease(release);
     await downloadFile(release, { agent });
 }
-exports.fetchVersion = fetchVersion;
-async function updateAvailable(repository, currentVersion, fetchOptions) {
+export async function updateAvailable(repository, currentVersion, fetchOptions) {
     const latestVersion = await resolveRelease(repository, fetchOptions);
     return newerVersion(latestVersion, currentVersion);
 }
-exports.updateAvailable = updateAvailable;
 async function resolveRelease(repository, fetchOptions) {
-    const res = await (0, node_fetch_1.default)(`https://api.github.com/repos/${repository}/releases/latest`, fetchOptions);
-    const json = await res.json();
+    const res = await fetch(`https://api.github.com/repos/${repository}/releases/latest`, fetchOptions);
+    const json = (await res.json());
     if (res.status === 403 && typeof json.message === 'string' && json.message.includes('API rate limit exceeded')) {
@@ -39,6 +31,6 @@ throw new Error('API rate limit exceeded, please try again later');
     const url = `https://github.com/${release.repository}/releases/download/${release.version}/${release.package}`;
-    await fs_1.promises.mkdir(release.destination, { recursive: true });
-    await (0, download_1.default)(url, release.destination, {
+    await fs.mkdir(release.destination, { recursive: true });
+    await download(url, release.destination, {
         extract: release.extract,
-        agent: agent,
+        agent: { https: agent },
     });
@@ -60,3 +52,3 @@ }
 }
-function newerVersion(latestVersion, currentVersion) {
+export function newerVersion(latestVersion, currentVersion) {
     if (!latestVersion) {
@@ -70,4 +62,3 @@ return false;
     const normalizedCurrentVersion = currentVersion.replace(/^v/, '');
-    return (0, semver_1.gt)(normalizedLatestVersion, normalizedCurrentVersion);
+    return gt(normalizedLatestVersion, normalizedCurrentVersion);
 }
-exports.newerVersion = newerVersion;

package.json

 {
   "name": "gh-release-fetch",
-  "version": "3.0.2",
+  "version": "4.0.0",
   "description": "A library to fetch release binaries from GitHub Releases",
   "main": "dist/index.js",
+  "type": "module",
   "files": [
-    "dist/*.{js,ts}"
+    "dist"
   ],
   "scripts": {
     "prepare": "husky install node_modules/@netlify/eslint-config-node/.husky/",
-    "prepublishOnly": "npm ci && run-s build test",
-    "test": "jest",
+    "prepublishOnly": "npm ci && npm run build",
+    "test": "vitest run",
+    "test:ci": "vitest run --coverage",
     "build": "tsc",
@@ -25,4 +27,4 @@ "build:watch": "tsc --watch",
   "config": {
-    "eslint": "--ignore-path .gitignore --cache --format=codeframe --max-warnings=0 \"{src,tests,.github}/**/*.{ts,js,html}\" \"*.{ts,js,html}\" \".*.{ts,js,html}\"",
-    "prettier": "--ignore-path .gitignore --loglevel=warn \"{src,tests,.github}/**/*.{ts,js,md,yml,json,html}\" \"*.{ts,js,yml,json,html}\" \".*.{ts,js,yml,json,html}\" \"!package-lock.json\""
+    "eslint": "--report-unused-disable-directives --ignore-path .gitignore --cache --format=codeframe --max-warnings=0 \"{src,tests,.github}/**/*.{mjs,cjs,js,mts,cts,ts,html}\" \"*.{cjs,mjs,js,cts,mts,ts,html}\" \".*.{cjs,mjs,js,cts,mts,ts,html}\"",
+    "prettier": "--loglevel=warn \"{src,tests,.github}/**/*.{cjs,mjs,js,cts,mts,ts,md,yml,json,html}\" \"*.{cjs,mjs,js,cts,mts,ts,yml,json,html}\" \".*.{cjs,mjs,js,cts,mts,ts,yml,json,html}\" \"!package-lock.json\""
   },
@@ -35,3 +37,3 @@ "keywords": [
   "engines": {
-    "node": "^12.20.0 || ^14.14.0 || >=16.0.0"
+    "node": "^14.18.0 || ^16.13.0 || >=18.0.0"
   },
@@ -41,18 +43,18 @@ "author": "David Calavera",
   "devDependencies": {
-    "@netlify/eslint-config-node": "^5.1.7",
-    "@types/jest": "^27.0.0",
-    "@types/node": "^16.0.0",
-    "husky": "^7.0.4",
-    "jest": "^27.0.0",
-    "ts-jest": "^27.0.0",
-    "typescript": "^4.0.0"
+    "@netlify/eslint-config-node": "7.0.1",
+    "@types/download": "8.0.2",
+    "@types/node": "14.18.46",
+    "@types/semver": "7.5.0",
+    "@vitest/coverage-c8": "0.31.0",
+    "husky": "8.0.3",
+    "npm-run-all": "4.1.5",
+    "tempy": "3.0.0",
+    "typescript": "5.0.4",
+    "vitest": "0.31.0"
   },
   "dependencies": {
-    "@types/download": "^8.0.0",
-    "@types/node-fetch": "^2.1.6",
-    "@types/semver": "^7.0.0",
-    "download": "^8.0.0",
-    "node-fetch": "^2.3.0",
+    "@xhmikosr/downloader": "^9.0.0",
+    "node-fetch": "^3.0.0",
     "semver": "^7.0.0"
   }
 }

README.md

@@ -10,5 +10,5 @@ # Release Fetch
 ```ts
-import * from 'release-fetch'
+import { fetchLatest } from 'gh-release-fetch'
 
-fetchLatest({ repository: 'netlify/netlify-cli', package: 'cli.tar.gz', destination: 'dist' });
+fetchLatest({ repository: 'netlify/netlify-cli', package: 'cli.tar.gz', destination: 'dist' })
 ```
@@ -15,0 +15,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

8688

increased by26.5%

Dependency count

3

decreased by-50%

Number of package files

7

increased by40%

Lines of code

129

increased by55.42%

Is type module

Yes

Worsened metrics

Dev dependency count

10

increased by42.86%

Number of medium supply chain risk alerts

6

increased byInfinity%

Dependency changes

• + Added@xhmikosr/downloader@^9.0.0

• + Added@sindresorhus/is@4.6.0(transitive)

• + Added@szmarczak/http-timer@4.0.6(transitive)

• + Added@types/cacheable-request@6.0.3(transitive)

• + Added@types/http-cache-semantics@4.0.4(transitive)

• + Added@types/keyv@3.1.4(transitive)

• + Added@types/responselike@1.0.3(transitive)

• + Added@xhmikosr/decompress@5.0.0(transitive)

• + Added@xhmikosr/downloader@9.0.0(transitive)

• + Addedcacheable-lookup@5.0.4(transitive)

• + Addedcacheable-request@7.0.4(transitive)

• + Addedclone-response@1.0.3(transitive)

• + Addeddata-uri-to-buffer@4.0.1(transitive)

• + Addeddecompress-response@6.0.0(transitive)

• + Addeddefer-to-connect@2.0.1(transitive)

• + Addedescape-string-regexp@5.0.0(transitive)

• + Addedfetch-blob@3.2.0(transitive)

• + Addedfile-type@12.4.2(transitive)

• + Addedfilename-reserved-regex@3.0.0(transitive)

• + Addedfilenamify@5.1.1(transitive)

• + Addedformdata-polyfill@4.0.10(transitive)

• + Addedget-stream@5.2.06.0.1(transitive)

• + Addedgot@11.8.6(transitive)

• + Addedhttp-cache-semantics@4.1.1(transitive)

• + Addedhttp2-wrapper@1.0.3(transitive)

• + Addedinspect-with-kind@1.0.5(transitive)

• + Addedjson-buffer@3.0.1(transitive)

• + Addedkeyv@4.5.4(transitive)

• + Addedkind-of@6.0.3(transitive)

• + Addedlowercase-keys@2.0.0(transitive)

• + Addedmake-dir@3.1.0(transitive)

• + Addedmimic-response@3.1.0(transitive)

• + Addednode-domexception@1.0.0(transitive)

• + Addednode-fetch@3.3.2(transitive)

• + Addednormalize-url@6.1.0(transitive)

• + Addedp-cancelable@2.1.1(transitive)

• + Addedp-event@5.0.1(transitive)

• + Addedp-timeout@5.1.0(transitive)

• + Addedpify@5.0.0(transitive)

• + Addedquick-lru@5.1.1(transitive)

• + Addedresolve-alpn@1.2.1(transitive)

• + Addedresponselike@2.0.1(transitive)

• + Addedsemver@6.3.1(transitive)

• + Addedstrip-dirs@3.0.0(transitive)

• + Addedstrip-outer@2.0.0(transitive)

• + Addedtrim-repeated@2.0.0(transitive)

• + Addedweb-streams-polyfill@3.3.3(transitive)

• - Removed@types/download@^8.0.0

• - Removed@types/node-fetch@^2.1.6

• - Removed@types/semver@^7.0.0

• - Removeddownload@^8.0.0

• - Removed@sindresorhus/is@0.7.0(transitive)

• - Removed@types/decompress@4.2.7(transitive)

• - Removed@types/download@8.0.5(transitive)

• - Removed@types/got@9.6.12(transitive)

• - Removed@types/node-fetch@2.6.12(transitive)

• - Removed@types/semver@7.5.8(transitive)

• - Removed@types/tough-cookie@4.0.5(transitive)

• - Removedasynckit@0.4.0(transitive)

• - Removedcacheable-request@2.1.4(transitive)

• - Removedclone-response@1.0.2(transitive)

• - Removedcombined-stream@1.0.8(transitive)

• - Removeddecode-uri-component@0.2.2(transitive)

• - Removeddecompress@4.2.1(transitive)

• - Removeddecompress-response@3.3.0(transitive)

• - Removeddelayed-stream@1.0.0(transitive)

• - Removeddownload@8.0.0(transitive)

• - Removedduplexer3@0.1.5(transitive)

• - Removedescape-string-regexp@1.0.5(transitive)

• - Removedfile-type@11.1.0(transitive)

• - Removedfilename-reserved-regex@2.0.0(transitive)

• - Removedfilenamify@3.0.0(transitive)

• - Removedform-data@2.5.24.0.1(transitive)

• - Removedfrom2@2.3.0(transitive)

• - Removedget-stream@3.0.04.1.0(transitive)

• - Removedgot@8.3.2(transitive)

• - Removedhas-symbol-support-x@1.4.2(transitive)

• - Removedhas-to-string-tag-x@1.4.1(transitive)

• - Removedhttp-cache-semantics@3.8.1(transitive)

• - Removedinto-stream@3.1.0(transitive)

• - Removedis-natural-number@4.0.1(transitive)

• - Removedis-object@1.0.2(transitive)

• - Removedis-retry-allowed@1.2.0(transitive)

• - Removedisurl@1.0.0(transitive)

• - Removedjson-buffer@3.0.0(transitive)

• - Removedkeyv@3.0.0(transitive)

• - Removedlowercase-keys@1.0.01.0.1(transitive)

• - Removedmake-dir@1.3.02.1.0(transitive)

• - Removedmime-db@1.52.0(transitive)

• - Removedmime-types@2.1.35(transitive)

• - Removednode-fetch@2.7.0(transitive)

• - Removednormalize-url@2.0.1(transitive)

• - Removedp-cancelable@0.4.1(transitive)

• - Removedp-event@2.3.1(transitive)

• - Removedp-finally@1.0.0(transitive)

• - Removedp-is-promise@1.1.0(transitive)

• - Removedp-timeout@2.0.1(transitive)

• - Removedpify@3.0.04.0.1(transitive)

• - Removedprepend-http@2.0.0(transitive)

• - Removedquery-string@5.1.1(transitive)

• - Removedresponselike@1.0.2(transitive)

• - Removedsemver@5.7.2(transitive)

• - Removedsort-keys@2.0.0(transitive)

• - Removedstrict-uri-encode@1.1.0(transitive)

• - Removedstrip-dirs@2.1.0(transitive)

• - Removedstrip-outer@1.0.1(transitive)

• - Removedtimed-out@4.0.1(transitive)

• - Removedtr46@0.0.3(transitive)

• - Removedtrim-repeated@1.0.0(transitive)

• - Removedurl-parse-lax@3.0.0(transitive)

• - Removedurl-to-options@1.0.1(transitive)

• - Removedwebidl-conversions@3.0.1(transitive)

• - Removedwhatwg-url@5.0.0(transitive)

• Updatednode-fetch@^3.0.0