glob - npm Package Compare versions

Comparing version 11.1.0 to 12.0.0

dist/esm/bin.mjs

@@ -323,4 +323,3 @@ #!/usr/bin/env node
         const knownShells = ['sh', 'ksh', 'zsh', 'bash', 'fish'];
-        if ((shell || /[ "']/.test(cmd)) &&
-            knownShells.includes(shellBase)) {
+        if ((shell || /[ "']/.test(cmd)) && knownShells.includes(shellBase)) {
             const cmdWithArgs = `${cmd} "\$${shellBase === 'fish' ? 'argv' : '@'}"`;
@@ -335,6 +334,6 @@ if (shellBase !== 'fish') {
             if (shell) {
-                process.emitWarning('The --shell option is unsafe, and will be removed. To pass ' +
-                    'positional arguments to the subprocess, use -g/--cmd-arg instead.', 'DeprecationWarning', 'GLOB_SHELL');
+                process.emitWarning('The --shell option is not supported on this system. To pass ' +
+                    'positional arguments to the subprocess, use -g/--cmd-arg instead.', 'UnsupportedWarning', 'GLOB_SHELL');
             }
-            stream.on('end', () => foregroundChild(cmd, cmdArg, { shell }));
+            stream.on('end', () => foregroundChild(cmd, cmdArg));
         }
@@ -341,0 +340,0 @@ }

package.json

@@ -5,3 +5,3 @@ {
   "description": "the most correct and second fastest glob implementation in JavaScript",
-  "version": "11.1.0",
+  "version": "12.0.0",
   "type": "module",
@@ -8,0 +8,0 @@ "tshy": {

README.md

@@ -438,7 +438,7 @@ # Glob
 
-    To start absolute and non-absolute patterns in the same path,
-    you can use `{root:''}`. However, be aware that on Windows
-    systems, a pattern like `x:/*` or `//host/share/*` will
-    _always_ start in the `x:/` or `//host/share` directory,
-    regardless of the `root` setting.
+  To start absolute and non-absolute patterns in the same path,
+  you can use `{root:''}`. However, be aware that on Windows
+  systems, a pattern like `x:/*` or `//host/share/*` will
+  _always_ start in the `x:/` or `//host/share` directory,
+  regardless of the `root` setting.
 
@@ -668,3 +668,2 @@ > [!NOTE] This _doesn't_ necessarily limit the walk to the
 
-
 ## Glob Primer
@@ -671,0 +670,0 @@

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Deprecated

Maintenance

The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Improved metrics

Number of medium maintenance alerts

0

-100%

Worsened metrics

Total package byte prevSize

484121

-0.02%

Lines of code

4503

-0.02%

Number of lines in readme file

1294

-0.08%

Number of low supply chain risk alerts

12

20%

No dependency changes