impress
Advanced tools
Comparing version 3.0.2 to 3.0.3
@@ -20,2 +20,3 @@ 'use strict'; | ||
port2.on('message', ({ error, data }) => { | ||
port2.close(); | ||
if (error) reject(error); | ||
@@ -22,0 +23,0 @@ else resolve(data); |
@@ -47,2 +47,18 @@ 'use strict'; | ||
const validSubmodules = (key) => | ||
key !== '' && !key.includes('*') && !key.includes('.'); | ||
const loadModule = (name) => { | ||
const lib = appRequire(name); | ||
const pkg = require(`${CWD}/node_modules/${name}/package.json`); | ||
if (!pkg.exports) return lib; | ||
const subKeys = Object.keys(pkg.exports).map((key) => key.substring(2)); | ||
const subNames = subKeys.filter(validSubmodules); | ||
for (const subName of subNames) { | ||
const sub = appRequire(name + '/' + subName); | ||
lib[subName] = sub; | ||
} | ||
return lib; | ||
}; | ||
for (const name of dependencies) { | ||
@@ -52,3 +68,7 @@ if (name === 'impress') continue; | ||
try { | ||
lib = internals.includes(name) ? require(`node:${name}`) : appRequire(name); | ||
if (internals.includes(name)) { | ||
lib = require(`node:${name}`); | ||
} else { | ||
lib = loadModule(name); | ||
} | ||
} catch { | ||
@@ -55,0 +75,0 @@ if (npmpkg.includes(name) || !optional.includes(name)) { |
@@ -191,2 +191,3 @@ 'use strict'; | ||
port2.on('message', ({ error, data }) => { | ||
port2.close(); | ||
if (error) reject(error); | ||
@@ -193,0 +194,0 @@ else resolve(data); |
@@ -9,2 +9,3 @@ 'use strict'; | ||
port2.on('message', ({ id }) => { | ||
port2.close(); | ||
resolve(id); | ||
@@ -11,0 +12,0 @@ }); |
{ | ||
"name": "impress", | ||
"version": "3.0.2", | ||
"version": "3.0.3", | ||
"author": "Timur Shemsedinov <timur.shemsedinov@gmail.com>", | ||
@@ -65,3 +65,3 @@ "description": "Enterprise application server for Node.js", | ||
"dependencies": { | ||
"metacom": "^3.0.1", | ||
"metacom": "^3.0.2", | ||
"metaconfiguration": "^2.1.11", | ||
@@ -75,13 +75,13 @@ "metalog": "^3.1.12", | ||
"devDependencies": { | ||
"@types/node": "^20.4.5", | ||
"@types/node": "^20.5.0", | ||
"@types/ws": "^8.5.5", | ||
"eslint": "^8.46.0", | ||
"eslint": "^8.47.0", | ||
"eslint-config-metarhia": "^8.2.1", | ||
"eslint-config-prettier": "^8.9.0", | ||
"eslint-config-prettier": "^9.0.0", | ||
"eslint-plugin-import": "^2.28.0", | ||
"eslint-plugin-prettier": "^5.0.0", | ||
"metatests": "^0.8.2", | ||
"prettier": "^3.0.0", | ||
"prettier": "^3.0.1", | ||
"typescript": "^5.1.6" | ||
} | ||
} |
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
64357
1688
5
Updatedmetacom@^3.0.2