New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
install-files
Advanced tools
install-files - npm Package Compare versions
Comparing version 1.0.1 to 1.1.0
@@ -11,3 +11,3 @@ #! /usr/bin/env node | ||
| .epilog('Recursively merges `sourceDir` into a host package\'s directory when a dependency is ' + | ||
| 'being installed. For more information, see https://github.com/mixmaxhq/node-install-files.') | ||
| 'being installed. For more information, see https://github.com/mixmaxhq/install-files.') | ||
| .argv; | ||
@@ -14,0 +14,0 @@ |
| { | ||
| "name": "install-files", | ||
| "version": "1.0.1", | ||
| "version": "1.1.0", | ||
| "description": "", | ||
@@ -5,0 +5,0 @@ "bin": "bin/install-files.js", |
@@ -114,3 +114,4 @@ # install-files | ||
| * 1.1.0 Support npm 3 (#5 - [@GoGoCarl](https://github.com/GoGoCarl)) | ||
| * 1.0.1 Properly determine the host package's directory even if its Node modules are cached elsewhere | ||
| * 1.0.0 Initial release. |
| var hostPackageDir = require('./hostPackageDir'); | ||
| var ncp = require('ncp'); | ||
| var npmv = require('./npm-version'); | ||
| var path = require('path'); | ||
@@ -34,5 +36,22 @@ /** | ||
| // The path to the package into which we should install the files. | ||
| var destinationDir = fileInstallingPackagePath && hostPackageDir(fileInstallingPackagePath); | ||
| if (!destinationDir) { | ||
| var source, target; | ||
| switch (npmv.majorVersion()) { | ||
| case '1': | ||
| console.log("[install-files]: WARNING: NPMv1 is not officially supported; unexpected results could occur. Consider upgrading to v2 or later"); | ||
| case '2': | ||
| source = sourceDir; | ||
| target = fileInstallingPackagePath && hostPackageDir(fileInstallingPackagePath); | ||
| break; | ||
| case null: | ||
| console.log("[install-files]: WARNING: Could not determine NPM version"); //Fall back to default | ||
| default: | ||
| source = path.join(fileInstallingPackagePath, 'node_modules', process.env.npm_package_name, sourceDir); | ||
| target = fileInstallingPackagePath | ||
| } | ||
| if (fileInstallingPackagePath.match(".+" + process.env.npm_package_name + "$")) { | ||
| console.log("[install-files]: Target = self, skipping install") | ||
| process.nextTick(() => done()); | ||
| return; | ||
| } else if (!target) { | ||
| var error2 = new Error('Could not determine the install destination directory.'); | ||
@@ -43,3 +62,3 @@ process.nextTick(() => done(error2)); | ||
| ncp(sourceDir, destinationDir, { | ||
| ncp(source, target, { | ||
| // Intentionally overwrite existing files. | ||
@@ -46,0 +65,0 @@ // This lets the file-installing package push a new version of files to dependents when it is updated. |
New alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by10.04%
16280
- Number of package files
- increased by7.69%
14
- Lines of code
- increased by21.89%
245
- Number of lines in readme file
- increased by0.86%
117
Worsened metrics
- Number of low supply chain risk alerts
- increased by18.18%
13
No dependency changes