goss - npm Package Compare versions

Comparing version 0.1.3 to 0.1.4

package.json

 {
    "name": "goss",
-   "version": "0.1.3",
+   "version": "0.1.4",
    "description": "An package util library for glow-opensource",
@@ -5,0 +5,0 @@ "bin": {

src/cmd/import.js

 module.exports = function (cmd, argv, cb) {
-	var { join } = require("path");
+	var { join, resolve } = require("path");
 	var color = require("../util/color");
@@ -14,3 +14,3 @@ var { existsSync, writeFileSync, readFileSync } = require("fs");
 			base + ".mjs",
-			`export * from "./index.js";import _m from "./index.js";export default Object.assign(_m.default || {},_m);`
+			`import _m from "./index.js";export default Object.assign(_m.default || {},_m);${Object.keys(require(resolve(base + ".js"))).filter(x => x !== "default").map( x => `export const ${x}=_m.${x}`).join(";")};`
 		);
@@ -17,0 +17,0 @@ color(

New alerts

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

8751

increased by1.24%

Worsened metrics

Number of low supply chain risk alerts

19

increased by5.56%

No dependency changes