import-html-entry
Advanced tools
import-html-entry - npm Package Compare versions
+9
-5
@@ -86,4 +86,4 @@ import _defineProperty from "@babel/runtime/helpers/esm/defineProperty"; | ||
| var errorCallback = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : function () {}; | ||
| var fetchScript = function fetchScript(scriptUrl) { | ||
| return scriptCache[scriptUrl] || (scriptCache[scriptUrl] = fetch(scriptUrl).then(function (response) { | ||
| var fetchScript = function fetchScript(scriptUrl, opts) { | ||
| return scriptCache[scriptUrl] || (scriptCache[scriptUrl] = fetch(scriptUrl, opts).then(function (response) { | ||
| // usually browser treats 4xx and 5xx response of script loading as an error and will fire a script error event | ||
@@ -112,3 +112,7 @@ // https://stackoverflow.com/questions/5625420/what-http-headers-responses-trigger-the-onerror-handler-on-a-script-tag/5625603 | ||
| var src = script.src, | ||
| async = script.async; | ||
| async = script.async, | ||
| crossOrigin = script.crossOrigin; | ||
| var fetchOpts = crossOrigin ? { | ||
| credentials: 'include' | ||
| } : {}; | ||
| if (async) { | ||
@@ -120,3 +124,3 @@ return { | ||
| return requestIdleCallback(function () { | ||
| return fetchScript(src).then(resolve, reject); | ||
| return fetchScript(src, fetchOpts).then(resolve, reject); | ||
| }); | ||
@@ -126,3 +130,3 @@ }) | ||
| } | ||
| return fetchScript(src); | ||
| return fetchScript(src, fetchOpts); | ||
| } | ||
@@ -129,0 +133,0 @@ })); |
@@ -14,2 +14,3 @@ import _slicedToArray from "@babel/runtime/helpers/esm/slicedToArray"; | ||
| var SCRIPT_ASYNC_REGEX = /.*\sasync\s*.*/; | ||
| var SCRIPT_CROSSORIGIN_REGEX = /.*\scrossorigin=('|")?use-credentials\1/; | ||
| var SCRIPT_NO_MODULE_REGEX = /.*\snomodule\s*.*/; | ||
@@ -44,3 +45,4 @@ var SCRIPT_MODULE_REGEX = /.*\stype=('|")?module('|")?\s*.*/; | ||
| var async = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : false; | ||
| return "<!-- ".concat(async ? 'async' : '', " script ").concat(scriptSrc, " replaced by import-html-entry -->"); | ||
| var crossOrigin = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false; | ||
| return "<!-- ".concat(crossOrigin ? 'cors' : '', " ").concat(async ? 'async' : '', " script ").concat(scriptSrc, " replaced by import-html-entry -->"); | ||
| }; | ||
@@ -150,7 +152,9 @@ export var inlineScriptReplaceSymbol = "<!-- inline scripts replaced by import-html-entry -->"; | ||
| var asyncScript = !!scriptTag.match(SCRIPT_ASYNC_REGEX); | ||
| scripts.push(asyncScript ? { | ||
| async: true, | ||
| src: matchedScriptSrc | ||
| var crossOriginScript = !!scriptTag.match(SCRIPT_CROSSORIGIN_REGEX); | ||
| scripts.push(asyncScript || crossOriginScript ? { | ||
| async: asyncScript, | ||
| src: matchedScriptSrc, | ||
| crossOrigin: crossOriginScript | ||
| } : matchedScriptSrc); | ||
| return genScriptReplaceSymbol(matchedScriptSrc, asyncScript); | ||
| return genScriptReplaceSymbol(matchedScriptSrc, asyncScript, crossOriginScript); | ||
| } | ||
@@ -157,0 +161,0 @@ return match; |
+9
-5
@@ -93,4 +93,4 @@ "use strict"; | ||
| var errorCallback = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : function () {}; | ||
| var fetchScript = function fetchScript(scriptUrl) { | ||
| return scriptCache[scriptUrl] || (scriptCache[scriptUrl] = fetch(scriptUrl).then(function (response) { | ||
| var fetchScript = function fetchScript(scriptUrl, opts) { | ||
| return scriptCache[scriptUrl] || (scriptCache[scriptUrl] = fetch(scriptUrl, opts).then(function (response) { | ||
| // usually browser treats 4xx and 5xx response of script loading as an error and will fire a script error event | ||
@@ -119,3 +119,7 @@ // https://stackoverflow.com/questions/5625420/what-http-headers-responses-trigger-the-onerror-handler-on-a-script-tag/5625603 | ||
| var src = script.src, | ||
| async = script.async; | ||
| async = script.async, | ||
| crossOrigin = script.crossOrigin; | ||
| var fetchOpts = crossOrigin ? { | ||
| credentials: 'include' | ||
| } : {}; | ||
| if (async) { | ||
@@ -127,3 +131,3 @@ return { | ||
| return (0, _utils.requestIdleCallback)(function () { | ||
| return fetchScript(src).then(resolve, reject); | ||
| return fetchScript(src, fetchOpts).then(resolve, reject); | ||
| }); | ||
@@ -133,3 +137,3 @@ }) | ||
| } | ||
| return fetchScript(src); | ||
| return fetchScript(src, fetchOpts); | ||
| } | ||
@@ -136,0 +140,0 @@ })); |
@@ -23,2 +23,3 @@ "use strict"; | ||
| var SCRIPT_ASYNC_REGEX = /.*\sasync\s*.*/; | ||
| var SCRIPT_CROSSORIGIN_REGEX = /.*\scrossorigin=('|")?use-credentials\1/; | ||
| var SCRIPT_NO_MODULE_REGEX = /.*\snomodule\s*.*/; | ||
@@ -54,3 +55,4 @@ var SCRIPT_MODULE_REGEX = /.*\stype=('|")?module('|")?\s*.*/; | ||
| var async = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : false; | ||
| return "<!-- ".concat(async ? 'async' : '', " script ").concat(scriptSrc, " replaced by import-html-entry -->"); | ||
| var crossOrigin = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false; | ||
| return "<!-- ".concat(crossOrigin ? 'cors' : '', " ").concat(async ? 'async' : '', " script ").concat(scriptSrc, " replaced by import-html-entry -->"); | ||
| }; | ||
@@ -164,7 +166,9 @@ exports.genScriptReplaceSymbol = genScriptReplaceSymbol; | ||
| var asyncScript = !!scriptTag.match(SCRIPT_ASYNC_REGEX); | ||
| scripts.push(asyncScript ? { | ||
| async: true, | ||
| src: matchedScriptSrc | ||
| var crossOriginScript = !!scriptTag.match(SCRIPT_CROSSORIGIN_REGEX); | ||
| scripts.push(asyncScript || crossOriginScript ? { | ||
| async: asyncScript, | ||
| src: matchedScriptSrc, | ||
| crossOrigin: crossOriginScript | ||
| } : matchedScriptSrc); | ||
| return genScriptReplaceSymbol(matchedScriptSrc, asyncScript); | ||
| return genScriptReplaceSymbol(matchedScriptSrc, asyncScript, crossOriginScript); | ||
| } | ||
@@ -171,0 +175,0 @@ return match; |
+4
-1
| { | ||
| "name": "import-html-entry", | ||
| "version": "1.14.6", | ||
| "version": "1.15.0", | ||
| "description": "import html and get the exports of entry", | ||
@@ -32,2 +32,5 @@ "main": "./lib/index.js", | ||
| }, | ||
| "publishConfig": { | ||
| "registry": "https://registry.npmjs.org/" | ||
| }, | ||
| "keywords": [ | ||
@@ -34,0 +37,0 @@ "html", |
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Potential vulnerability
Supply chain riskInitial human review suggests the presence of a vulnerability in this package. It is pending further analysis and confirmation.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
AI-detected potential code anomaly
Supply chain riskAI has identified unusual behaviors that may pose a security risk.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Potential vulnerability
Supply chain riskInitial human review suggests the presence of a vulnerability in this package. It is pending further analysis and confirmation.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
AI-detected potential code anomaly
Supply chain riskAI has identified unusual behaviors that may pose a security risk.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
74853
1.54%- Lines of code
1474
1.1%Worsened metrics
- Number of low supply chain risk alerts
11
120%