install-peers
Advanced tools
Comparing version 1.0.2 to 1.0.3
// do it inline in sync way | ||
// to make it work in non-npm environment | ||
var npmModule | ||
var npmBin | ||
, executioner | ||
, path = require('path') | ||
, node = process.argv[0] | ||
; | ||
if (process.env['npm_execpath'] && process.env['npm_execpath'].match(/\/node_modules\/npm\/bin\/npm-cli\.js$/)) { | ||
npmModule = require(path.resolve(process.env['npm_execpath'], '..', '..')); | ||
if (process.env['npm_execpath']) { | ||
var execPath = process.env['npm_execpath']; | ||
var expectedPath = path.join('bin', 'npm-cli.js'); | ||
if (execPath.slice(-1 * expectedPath.length) === expectedPath) { | ||
npmBin = path.resolve(execPath); | ||
} | ||
} | ||
@@ -15,8 +22,22 @@ | ||
if (npmModule) { | ||
module.exports = function(packages, options, done) { | ||
npmModule.load(options, function() { | ||
npmModule.commands.install(packages, done); | ||
if (npmBin) { | ||
executioner = require('executioner'); | ||
module.exports = function(packages, config, done) { | ||
var options = { | ||
node : node, | ||
npm : npmBin, | ||
// escape package name@versions | ||
packages: packages.map((pkg) => '"' + pkg + '"').join(' ') | ||
}; | ||
executioner('"${node}" "${npm}" install --no-save --no-package-lock ${packages}', options, function (error, result) { | ||
if (error) { | ||
console.error('Unable to install peerDependencies', error); | ||
process.exit(1); | ||
return; | ||
} | ||
done(result); | ||
}); | ||
} | ||
} |
// do it inline in sync way | ||
// to make it work in non-npm environment | ||
var yarnModule | ||
var yarnBin | ||
, executioner | ||
@@ -9,4 +9,9 @@ , path = require('path') | ||
if (process.env['npm_execpath'] && process.env['npm_execpath'].match(/node_modules\/yarn\/bin\/yarn\.js$/)) { | ||
yarnModule = path.resolve(process.env['npm_execpath'], '..', '..', 'lib', 'cli'); | ||
if (process.env['npm_execpath'] && process.env['npm_execpath'].match(/node_modules[\/\\]yarn[\/\\]bin[\/\\]yarn\.js$/)) { | ||
var execPath = process.env['npm_execpath']; | ||
var expectedPath = path.join('yarn', 'bin', 'yarn.js'); | ||
if (execPath.slice(-1 * expectedPath.length) === expectedPath) { | ||
yarnBin = path.resolve(execPath, '..', '..', 'lib', 'cli'); | ||
} | ||
} | ||
@@ -18,11 +23,9 @@ | ||
if (yarnModule) { | ||
if (yarnBin) { | ||
executioner = require('executioner'); | ||
module.exports = function(packages, extra, done) { | ||
var options = { | ||
node : node, | ||
yarn : yarnModule, | ||
yarn : yarnBin, | ||
// escape package names@versions | ||
@@ -32,3 +35,3 @@ packages: packages.map((pkg) => '"' + pkg + '"').join(' ') | ||
executioner('${node} ${yarn} add --peer --no-lockfile ${packages}', options, function(error, result) { | ||
executioner('"${node}" "${yarn}" add --peer --no-lockfile ${packages}', options, function(error, result) { | ||
if (error) { | ||
@@ -39,3 +42,3 @@ console.error('Unable to install peerDependencies', error); | ||
} | ||
done(); | ||
done(result); | ||
}); | ||
@@ -42,0 +45,0 @@ |
@@ -6,3 +6,3 @@ var fs = require('fs') | ||
, rootPath = path.resolve(__dirname, '..', '..') | ||
, rootPath = process.env.INIT_CWD || path.resolve(process.cwd(), '..', '..') | ||
@@ -60,2 +60,4 @@ , envLabel = 'skip_install_peers_as_dev' | ||
installNpm(peerDeps, peerInstallOptions, installDone.bind(null, 'npm')); | ||
} else { | ||
console.error('Did not find a viable package manager to install dependencies with.'); | ||
} | ||
@@ -65,4 +67,3 @@ }); | ||
function installDone(tool) { | ||
function installDone(tool, result) { | ||
// cleanup env | ||
@@ -72,2 +73,4 @@ process.env[envLabel] = ''; | ||
console.log('Installed peerDependencies as devDependencies via ' + tool + '.'); | ||
console.log(result); | ||
} | ||
@@ -74,0 +77,0 @@ |
{ | ||
"name": "install-peers", | ||
"version": "1.0.2", | ||
"version": "1.0.3", | ||
"description": "Automatically installs project's peerDependencies (as devDependencies)", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -0,0 +0,0 @@ # install-peers |
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
8541
174
10
1