install-files
Advanced tools
install-files - npm Package Compare versions
Comparing version 1.1.4 to 1.1.5
| { | ||
| "name": "install-files", | ||
| "version": "1.1.4", | ||
| "version": "1.1.5", | ||
| "description": "", | ||
@@ -5,0 +5,0 @@ "bin": "bin/install-files.js", |
@@ -122,2 +122,3 @@ # install-files | ||
| * 1.1.5 Fix non-flattened npm invocation to support multiple installed versions | ||
| * 1.1.4 Add yarn support ([#11](https://github.com/mixmaxhq/install-files/issues/11)) | ||
@@ -124,0 +125,0 @@ * 1.1.3 Ensure install doesn't run on self ([#9](https://github.com/mixmaxhq/install-files/pull/9) - [@GoGoCarl](https://github.com/GoGoCarl)) |
@@ -50,2 +50,7 @@ var hostPackageDir = require('./hostPackageDir'); | ||
| // When this is called from a package's 'install' or 'postinstall' script, this will be the path | ||
| // to the root of the package that has the 'install-files' hook in its package.json. This solves | ||
| // problems where npm doesn't flatten install-files because of conflicting versions. | ||
| var invokingPackage = process.env.PWD; | ||
| var npmVersion = npmv.majorVersion(); | ||
@@ -63,3 +68,12 @@ | ||
| target = fileInstallingPackagePath && hostPackageDir(fileInstallingPackagePath); | ||
| } else if (invokingPackage) { | ||
| // We know the package that's invoking us, so we just append the source directory. | ||
| source = path.join(invokingPackage, sourceDir); | ||
| // Get the directory of the package that hosts the invoking package. This isn't bulletproof, but | ||
| // it's the best guess we have. | ||
| target = invokingPackage && hostPackageDir(invokingPackage); | ||
| } else { | ||
| // We expect PWD to be available at all times, but just in case it isn't, we fall back to | ||
| // previous behavior. | ||
| source = path.join(fileInstallingPackagePath, 'node_modules', installTargetPackageName, sourceDir); | ||
@@ -66,0 +80,0 @@ target = fileInstallingPackagePath; |
New alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Fixed alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.83%
31088
- Lines of code
- increased by4.33%
289
- Number of lines in readme file
- increased by0.78%
130
- Number of medium supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Number of package files
- decreased by-6.67%
14
- Number of low supply chain risk alerts
- increased by7.14%
15