install-module-linked - npm Package Compare versions

Comparing version 1.4.2 to 1.4.3

dist/cjs/lib/cache.js

@@ -69,2 +69,10 @@ "use strict";
             queue.defer(function(cb) {
+                // Verify npm actually created the package directory - npm may silently skip
+                // installation (exit 0) when platform doesn't match (os/cpu/libc fields)
+                _fs.default.stat(tmpModulePath, function(err) {
+                    if (err) return cb(new Error("Package directory not created by npm. This may happen when the package has platform restrictions (os/cpu/libc) that don't match the current system: ".concat(tmpModulePath)));
+                    cb();
+                });
+            });
+            queue.defer(function(cb) {
                 return (0, _renameWithFallbackts.default)(tmpModulePath, cachedAt, cb);
@@ -71,0 +79,0 @@ });

dist/cjs/lib/cache.js.map

@@ -1,1 +0,1 @@
-{"version":3,"sources":["/Users/kevin/Dev/OpenSource/node/install-module-linked/src/lib/cache.ts"],"sourcesContent":["import fs from 'fs';\nimport { safeRm } from 'fs-remove-compat';\nimport mkdirp from 'mkdirp-classic';\nimport path from 'path';\nimport Queue from 'queue-cb';\nimport tempSuffix from 'temp-suffix';\nimport type { EnsureCachedCallback } from '../types.ts';\nimport getSpecifier from './getSpecifier.ts';\nimport install from './install.ts';\nimport parse from './parseInstallString.ts';\nimport renameWithFallback from './renameWithFallback.ts';\n\nexport default function ensureCached(installString: string, cachePath: string, callback: EnsureCachedCallback) {\n  getSpecifier(installString, (err, specifier) => {\n    if (err) return callback(err);\n    const cachedAt = path.join(cachePath, specifier);\n    const { name } = parse(installString);\n\n    fs.stat(cachedAt, (err?: Error) => {\n      if (!err) return callback(null, cachedAt); // already cached\n\n      const tmp = `${cachedAt}-${tempSuffix()}`;\n      const tmpModulePath = path.join(tmp, 'node_modules', ...name.split('/'));\n\n      const queue = new Queue(1);\n      queue.defer(mkdirp.bind(null, tmp));\n      queue.defer(fs.writeFile.bind(null, path.join(tmp, 'package.json'), '{}', 'utf8'));\n      queue.defer(install.bind(null, specifier, tmp));\n      queue.defer((cb) => renameWithFallback(tmpModulePath, cachedAt, cb));\n      queue.defer((cb) => renameWithFallback(path.join(tmp, 'node_modules'), path.join(cachedAt, 'node_modules'), cb));\n      queue.await((err) => {\n        // clear up whether installed or not\n        safeRm(tmp, () => (err ? callback(err) : callback(null, cachedAt)));\n      });\n    });\n  });\n}\n"],"names":["ensureCached","installString","cachePath","callback","getSpecifier","err","specifier","cachedAt","path","join","name","parse","fs","stat","tmp","tempSuffix","tmpModulePath","split","queue","Queue","defer","mkdirp","bind","writeFile","install","cb","renameWithFallback","await","safeRm"],"mappings":";;;;+BAYA;;;eAAwBA;;;yDAZT;8BACQ;oEACJ;2DACF;8DACC;iEACK;qEAEE;gEACL;2EACF;2EACa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEhB,SAASA,aAAaC,aAAqB,EAAEC,SAAiB,EAAEC,QAA8B;IAC3GC,IAAAA,uBAAY,EAACH,eAAe,SAACI,KAAKC;QAChC,IAAID,KAAK,OAAOF,SAASE;QACzB,IAAME,WAAWC,aAAI,CAACC,IAAI,CAACP,WAAWI;QACtC,IAAM,AAAEI,OAASC,IAAAA,6BAAK,EAACV,eAAfS;QAERE,WAAE,CAACC,IAAI,CAACN,UAAU,SAACF;gBAIKG;YAHtB,IAAI,CAACH,KAAK,OAAOF,SAAS,MAAMI,WAAW,iBAAiB;YAE5D,IAAMO,MAAM,AAAC,GAAcC,OAAZR,UAAS,KAAgB,OAAbQ,IAAAA,mBAAU;YACrC,IAAMC,gBAAgBR,CAAAA,SAAAA,aAAI,EAACC,IAAI,OAATD,QAAAA;gBAAUM;gBAAK;aAAmC,CAAlDN,OAA+B,qBAAGE,KAAKO,KAAK,CAAC;YAEnE,IAAMC,QAAQ,IAAIC,gBAAK,CAAC;YACxBD,MAAME,KAAK,CAACC,sBAAM,CAACC,IAAI,CAAC,MAAMR;YAC9BI,MAAME,KAAK,CAACR,WAAE,CAACW,SAAS,CAACD,IAAI,CAAC,MAAMd,aAAI,CAACC,IAAI,CAACK,KAAK,iBAAiB,MAAM;YAC1EI,MAAME,KAAK,CAACI,kBAAO,CAACF,IAAI,CAAC,MAAMhB,WAAWQ;YAC1CI,MAAME,KAAK,CAAC,SAACK;uBAAOC,IAAAA,6BAAkB,EAACV,eAAeT,UAAUkB;;YAChEP,MAAME,KAAK,CAAC,SAACK;uBAAOC,IAAAA,6BAAkB,EAAClB,aAAI,CAACC,IAAI,CAACK,KAAK,iBAAiBN,aAAI,CAACC,IAAI,CAACF,UAAU,iBAAiBkB;;YAC5GP,MAAMS,KAAK,CAAC,SAACtB;gBACX,oCAAoC;gBACpCuB,IAAAA,sBAAM,EAACd,KAAK;2BAAOT,MAAMF,SAASE,OAAOF,SAAS,MAAMI;;YAC1D;QACF;IACF;AACF"}
+{"version":3,"sources":["/Users/kevin/Dev/OpenSource/node/install-module-linked/src/lib/cache.ts"],"sourcesContent":["import fs from 'fs';\nimport { safeRm } from 'fs-remove-compat';\nimport mkdirp from 'mkdirp-classic';\nimport path from 'path';\nimport Queue from 'queue-cb';\nimport tempSuffix from 'temp-suffix';\nimport type { EnsureCachedCallback } from '../types.ts';\nimport getSpecifier from './getSpecifier.ts';\nimport install from './install.ts';\nimport parse from './parseInstallString.ts';\nimport renameWithFallback from './renameWithFallback.ts';\n\nexport default function ensureCached(installString: string, cachePath: string, callback: EnsureCachedCallback) {\n  getSpecifier(installString, (err, specifier) => {\n    if (err) return callback(err);\n    const cachedAt = path.join(cachePath, specifier);\n    const { name } = parse(installString);\n\n    fs.stat(cachedAt, (err?: Error) => {\n      if (!err) return callback(null, cachedAt); // already cached\n\n      const tmp = `${cachedAt}-${tempSuffix()}`;\n      const tmpModulePath = path.join(tmp, 'node_modules', ...name.split('/'));\n\n      const queue = new Queue(1);\n      queue.defer(mkdirp.bind(null, tmp));\n      queue.defer(fs.writeFile.bind(null, path.join(tmp, 'package.json'), '{}', 'utf8'));\n      queue.defer(install.bind(null, specifier, tmp));\n      queue.defer((cb) => {\n        // Verify npm actually created the package directory - npm may silently skip\n        // installation (exit 0) when platform doesn't match (os/cpu/libc fields)\n        fs.stat(tmpModulePath, (err) => {\n          if (err) return cb(new Error(`Package directory not created by npm. This may happen when the package has platform restrictions (os/cpu/libc) that don't match the current system: ${tmpModulePath}`));\n          cb();\n        });\n      });\n      queue.defer((cb) => renameWithFallback(tmpModulePath, cachedAt, cb));\n      queue.defer((cb) => renameWithFallback(path.join(tmp, 'node_modules'), path.join(cachedAt, 'node_modules'), cb));\n      queue.await((err) => {\n        // clear up whether installed or not\n        safeRm(tmp, () => (err ? callback(err) : callback(null, cachedAt)));\n      });\n    });\n  });\n}\n"],"names":["ensureCached","installString","cachePath","callback","getSpecifier","err","specifier","cachedAt","path","join","name","parse","fs","stat","tmp","tempSuffix","tmpModulePath","split","queue","Queue","defer","mkdirp","bind","writeFile","install","cb","Error","renameWithFallback","await","safeRm"],"mappings":";;;;+BAYA;;;eAAwBA;;;yDAZT;8BACQ;oEACJ;2DACF;8DACC;iEACK;qEAEE;gEACL;2EACF;2EACa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEhB,SAASA,aAAaC,aAAqB,EAAEC,SAAiB,EAAEC,QAA8B;IAC3GC,IAAAA,uBAAY,EAACH,eAAe,SAACI,KAAKC;QAChC,IAAID,KAAK,OAAOF,SAASE;QACzB,IAAME,WAAWC,aAAI,CAACC,IAAI,CAACP,WAAWI;QACtC,IAAM,AAAEI,OAASC,IAAAA,6BAAK,EAACV,eAAfS;QAERE,WAAE,CAACC,IAAI,CAACN,UAAU,SAACF;gBAIKG;YAHtB,IAAI,CAACH,KAAK,OAAOF,SAAS,MAAMI,WAAW,iBAAiB;YAE5D,IAAMO,MAAM,AAAC,GAAcC,OAAZR,UAAS,KAAgB,OAAbQ,IAAAA,mBAAU;YACrC,IAAMC,gBAAgBR,CAAAA,SAAAA,aAAI,EAACC,IAAI,OAATD,QAAAA;gBAAUM;gBAAK;aAAmC,CAAlDN,OAA+B,qBAAGE,KAAKO,KAAK,CAAC;YAEnE,IAAMC,QAAQ,IAAIC,gBAAK,CAAC;YACxBD,MAAME,KAAK,CAACC,sBAAM,CAACC,IAAI,CAAC,MAAMR;YAC9BI,MAAME,KAAK,CAACR,WAAE,CAACW,SAAS,CAACD,IAAI,CAAC,MAAMd,aAAI,CAACC,IAAI,CAACK,KAAK,iBAAiB,MAAM;YAC1EI,MAAME,KAAK,CAACI,kBAAO,CAACF,IAAI,CAAC,MAAMhB,WAAWQ;YAC1CI,MAAME,KAAK,CAAC,SAACK;gBACX,4EAA4E;gBAC5E,yEAAyE;gBACzEb,WAAE,CAACC,IAAI,CAACG,eAAe,SAACX;oBACtB,IAAIA,KAAK,OAAOoB,GAAG,IAAIC,MAAM,AAAC,uJAAoK,OAAdV;oBACpLS;gBACF;YACF;YACAP,MAAME,KAAK,CAAC,SAACK;uBAAOE,IAAAA,6BAAkB,EAACX,eAAeT,UAAUkB;;YAChEP,MAAME,KAAK,CAAC,SAACK;uBAAOE,IAAAA,6BAAkB,EAACnB,aAAI,CAACC,IAAI,CAACK,KAAK,iBAAiBN,aAAI,CAACC,IAAI,CAACF,UAAU,iBAAiBkB;;YAC5GP,MAAMU,KAAK,CAAC,SAACvB;gBACX,oCAAoC;gBACpCwB,IAAAA,sBAAM,EAACf,KAAK;2BAAOT,MAAMF,SAASE,OAAOF,SAAS,MAAMI;;YAC1D;QACF;IACF;AACF"}

dist/esm/lib/cache.js

@@ -24,2 +24,10 @@ import fs from 'fs';
             queue.defer(install.bind(null, specifier, tmp));
+            queue.defer((cb)=>{
+                // Verify npm actually created the package directory - npm may silently skip
+                // installation (exit 0) when platform doesn't match (os/cpu/libc fields)
+                fs.stat(tmpModulePath, (err)=>{
+                    if (err) return cb(new Error(`Package directory not created by npm. This may happen when the package has platform restrictions (os/cpu/libc) that don't match the current system: ${tmpModulePath}`));
+                    cb();
+                });
+            });
             queue.defer((cb)=>renameWithFallback(tmpModulePath, cachedAt, cb));
@@ -26,0 +34,0 @@ queue.defer((cb)=>renameWithFallback(path.join(tmp, 'node_modules'), path.join(cachedAt, 'node_modules'), cb));

dist/esm/lib/cache.js.map

@@ -1,1 +0,1 @@
-{"version":3,"sources":["/Users/kevin/Dev/OpenSource/node/install-module-linked/src/lib/cache.ts"],"sourcesContent":["import fs from 'fs';\nimport { safeRm } from 'fs-remove-compat';\nimport mkdirp from 'mkdirp-classic';\nimport path from 'path';\nimport Queue from 'queue-cb';\nimport tempSuffix from 'temp-suffix';\nimport type { EnsureCachedCallback } from '../types.ts';\nimport getSpecifier from './getSpecifier.ts';\nimport install from './install.ts';\nimport parse from './parseInstallString.ts';\nimport renameWithFallback from './renameWithFallback.ts';\n\nexport default function ensureCached(installString: string, cachePath: string, callback: EnsureCachedCallback) {\n  getSpecifier(installString, (err, specifier) => {\n    if (err) return callback(err);\n    const cachedAt = path.join(cachePath, specifier);\n    const { name } = parse(installString);\n\n    fs.stat(cachedAt, (err?: Error) => {\n      if (!err) return callback(null, cachedAt); // already cached\n\n      const tmp = `${cachedAt}-${tempSuffix()}`;\n      const tmpModulePath = path.join(tmp, 'node_modules', ...name.split('/'));\n\n      const queue = new Queue(1);\n      queue.defer(mkdirp.bind(null, tmp));\n      queue.defer(fs.writeFile.bind(null, path.join(tmp, 'package.json'), '{}', 'utf8'));\n      queue.defer(install.bind(null, specifier, tmp));\n      queue.defer((cb) => renameWithFallback(tmpModulePath, cachedAt, cb));\n      queue.defer((cb) => renameWithFallback(path.join(tmp, 'node_modules'), path.join(cachedAt, 'node_modules'), cb));\n      queue.await((err) => {\n        // clear up whether installed or not\n        safeRm(tmp, () => (err ? callback(err) : callback(null, cachedAt)));\n      });\n    });\n  });\n}\n"],"names":["fs","safeRm","mkdirp","path","Queue","tempSuffix","getSpecifier","install","parse","renameWithFallback","ensureCached","installString","cachePath","callback","err","specifier","cachedAt","join","name","stat","tmp","tmpModulePath","split","queue","defer","bind","writeFile","cb","await"],"mappings":"AAAA,OAAOA,QAAQ,KAAK;AACpB,SAASC,MAAM,QAAQ,mBAAmB;AAC1C,OAAOC,YAAY,iBAAiB;AACpC,OAAOC,UAAU,OAAO;AACxB,OAAOC,WAAW,WAAW;AAC7B,OAAOC,gBAAgB,cAAc;AAErC,OAAOC,kBAAkB,oBAAoB;AAC7C,OAAOC,aAAa,eAAe;AACnC,OAAOC,WAAW,0BAA0B;AAC5C,OAAOC,wBAAwB,0BAA0B;AAEzD,eAAe,SAASC,aAAaC,aAAqB,EAAEC,SAAiB,EAAEC,QAA8B;IAC3GP,aAAaK,eAAe,CAACG,KAAKC;QAChC,IAAID,KAAK,OAAOD,SAASC;QACzB,MAAME,WAAWb,KAAKc,IAAI,CAACL,WAAWG;QACtC,MAAM,EAAEG,IAAI,EAAE,GAAGV,MAAMG;QAEvBX,GAAGmB,IAAI,CAACH,UAAU,CAACF;YACjB,IAAI,CAACA,KAAK,OAAOD,SAAS,MAAMG,WAAW,iBAAiB;YAE5D,MAAMI,MAAM,GAAGJ,SAAS,CAAC,EAAEX,cAAc;YACzC,MAAMgB,gBAAgBlB,KAAKc,IAAI,CAACG,KAAK,mBAAmBF,KAAKI,KAAK,CAAC;YAEnE,MAAMC,QAAQ,IAAInB,MAAM;YACxBmB,MAAMC,KAAK,CAACtB,OAAOuB,IAAI,CAAC,MAAML;YAC9BG,MAAMC,KAAK,CAACxB,GAAG0B,SAAS,CAACD,IAAI,CAAC,MAAMtB,KAAKc,IAAI,CAACG,KAAK,iBAAiB,MAAM;YAC1EG,MAAMC,KAAK,CAACjB,QAAQkB,IAAI,CAAC,MAAMV,WAAWK;YAC1CG,MAAMC,KAAK,CAAC,CAACG,KAAOlB,mBAAmBY,eAAeL,UAAUW;YAChEJ,MAAMC,KAAK,CAAC,CAACG,KAAOlB,mBAAmBN,KAAKc,IAAI,CAACG,KAAK,iBAAiBjB,KAAKc,IAAI,CAACD,UAAU,iBAAiBW;YAC5GJ,MAAMK,KAAK,CAAC,CAACd;gBACX,oCAAoC;gBACpCb,OAAOmB,KAAK,IAAON,MAAMD,SAASC,OAAOD,SAAS,MAAMG;YAC1D;QACF;IACF;AACF"}
+{"version":3,"sources":["/Users/kevin/Dev/OpenSource/node/install-module-linked/src/lib/cache.ts"],"sourcesContent":["import fs from 'fs';\nimport { safeRm } from 'fs-remove-compat';\nimport mkdirp from 'mkdirp-classic';\nimport path from 'path';\nimport Queue from 'queue-cb';\nimport tempSuffix from 'temp-suffix';\nimport type { EnsureCachedCallback } from '../types.ts';\nimport getSpecifier from './getSpecifier.ts';\nimport install from './install.ts';\nimport parse from './parseInstallString.ts';\nimport renameWithFallback from './renameWithFallback.ts';\n\nexport default function ensureCached(installString: string, cachePath: string, callback: EnsureCachedCallback) {\n  getSpecifier(installString, (err, specifier) => {\n    if (err) return callback(err);\n    const cachedAt = path.join(cachePath, specifier);\n    const { name } = parse(installString);\n\n    fs.stat(cachedAt, (err?: Error) => {\n      if (!err) return callback(null, cachedAt); // already cached\n\n      const tmp = `${cachedAt}-${tempSuffix()}`;\n      const tmpModulePath = path.join(tmp, 'node_modules', ...name.split('/'));\n\n      const queue = new Queue(1);\n      queue.defer(mkdirp.bind(null, tmp));\n      queue.defer(fs.writeFile.bind(null, path.join(tmp, 'package.json'), '{}', 'utf8'));\n      queue.defer(install.bind(null, specifier, tmp));\n      queue.defer((cb) => {\n        // Verify npm actually created the package directory - npm may silently skip\n        // installation (exit 0) when platform doesn't match (os/cpu/libc fields)\n        fs.stat(tmpModulePath, (err) => {\n          if (err) return cb(new Error(`Package directory not created by npm. This may happen when the package has platform restrictions (os/cpu/libc) that don't match the current system: ${tmpModulePath}`));\n          cb();\n        });\n      });\n      queue.defer((cb) => renameWithFallback(tmpModulePath, cachedAt, cb));\n      queue.defer((cb) => renameWithFallback(path.join(tmp, 'node_modules'), path.join(cachedAt, 'node_modules'), cb));\n      queue.await((err) => {\n        // clear up whether installed or not\n        safeRm(tmp, () => (err ? callback(err) : callback(null, cachedAt)));\n      });\n    });\n  });\n}\n"],"names":["fs","safeRm","mkdirp","path","Queue","tempSuffix","getSpecifier","install","parse","renameWithFallback","ensureCached","installString","cachePath","callback","err","specifier","cachedAt","join","name","stat","tmp","tmpModulePath","split","queue","defer","bind","writeFile","cb","Error","await"],"mappings":"AAAA,OAAOA,QAAQ,KAAK;AACpB,SAASC,MAAM,QAAQ,mBAAmB;AAC1C,OAAOC,YAAY,iBAAiB;AACpC,OAAOC,UAAU,OAAO;AACxB,OAAOC,WAAW,WAAW;AAC7B,OAAOC,gBAAgB,cAAc;AAErC,OAAOC,kBAAkB,oBAAoB;AAC7C,OAAOC,aAAa,eAAe;AACnC,OAAOC,WAAW,0BAA0B;AAC5C,OAAOC,wBAAwB,0BAA0B;AAEzD,eAAe,SAASC,aAAaC,aAAqB,EAAEC,SAAiB,EAAEC,QAA8B;IAC3GP,aAAaK,eAAe,CAACG,KAAKC;QAChC,IAAID,KAAK,OAAOD,SAASC;QACzB,MAAME,WAAWb,KAAKc,IAAI,CAACL,WAAWG;QACtC,MAAM,EAAEG,IAAI,EAAE,GAAGV,MAAMG;QAEvBX,GAAGmB,IAAI,CAACH,UAAU,CAACF;YACjB,IAAI,CAACA,KAAK,OAAOD,SAAS,MAAMG,WAAW,iBAAiB;YAE5D,MAAMI,MAAM,GAAGJ,SAAS,CAAC,EAAEX,cAAc;YACzC,MAAMgB,gBAAgBlB,KAAKc,IAAI,CAACG,KAAK,mBAAmBF,KAAKI,KAAK,CAAC;YAEnE,MAAMC,QAAQ,IAAInB,MAAM;YACxBmB,MAAMC,KAAK,CAACtB,OAAOuB,IAAI,CAAC,MAAML;YAC9BG,MAAMC,KAAK,CAACxB,GAAG0B,SAAS,CAACD,IAAI,CAAC,MAAMtB,KAAKc,IAAI,CAACG,KAAK,iBAAiB,MAAM;YAC1EG,MAAMC,KAAK,CAACjB,QAAQkB,IAAI,CAAC,MAAMV,WAAWK;YAC1CG,MAAMC,KAAK,CAAC,CAACG;gBACX,4EAA4E;gBAC5E,yEAAyE;gBACzE3B,GAAGmB,IAAI,CAACE,eAAe,CAACP;oBACtB,IAAIA,KAAK,OAAOa,GAAG,IAAIC,MAAM,CAAC,oJAAoJ,EAAEP,eAAe;oBACnMM;gBACF;YACF;YACAJ,MAAMC,KAAK,CAAC,CAACG,KAAOlB,mBAAmBY,eAAeL,UAAUW;YAChEJ,MAAMC,KAAK,CAAC,CAACG,KAAOlB,mBAAmBN,KAAKc,IAAI,CAACG,KAAK,iBAAiBjB,KAAKc,IAAI,CAACD,UAAU,iBAAiBW;YAC5GJ,MAAMM,KAAK,CAAC,CAACf;gBACX,oCAAoC;gBACpCb,OAAOmB,KAAK,IAAON,MAAMD,SAASC,OAAOD,SAAS,MAAMG;YAC1D;QACF;IACF;AACF"}

package.json

 {
   "name": "install-module-linked",
-  "version": "1.4.2",
+  "version": "1.4.3",
   "description": "Installs and symlinks a module into node_modules",
@@ -5,0 +5,0 @@ "keywords": [

New alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 2 instances in 1 package

Fixed alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 2 instances in 1 package

Improved metrics

Total package byte prevSize

101043

2.5%

Lines of code

985

1.65%

No dependency changes