New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
install - npm Package Compare versions
Comparing version 0.1.7 to 0.1.8
@@ -18,3 +18,3 @@ { | ||
| ], | ||
| "version": "0.1.7", | ||
| "version": "0.1.8", | ||
| "homepage": "http://github.com/benjamn/install", | ||
@@ -27,6 +27,6 @@ "repository": { | ||
| "scripts": { | ||
| "test": "whiskey test/run.js" | ||
| "test": "mocha test/run.js" | ||
| }, | ||
| "optionalDependencies": { | ||
| "whiskey": "0.6.x" | ||
| "devDependencies": { | ||
| "mocha": "~2.0.1" | ||
| }, | ||
@@ -33,0 +33,0 @@ "engines": { |
@@ -27,25 +27,25 @@ Introduction | ||
| The first way is to pass a module identifier string followed by a module factory function: | ||
| ```js | ||
| install("some/module/id", function(require, exports, module) { | ||
| // CommonJS module code goes here. | ||
| install("some/module/id", function(require, exports, module) { | ||
| // CommonJS module code goes here. | ||
| // For example: | ||
| exports.setImmediate = function(callback) { | ||
| return setTimeout(callback, 0); | ||
| }; | ||
| }); | ||
| // For example: | ||
| exports.setImmediate = function(callback) { | ||
| return setTimeout(callback, 0); | ||
| }; | ||
| }); | ||
| ``` | ||
| This makes the module available for requirement, but does not evaluate the contents of the module until the first time another module calls `require("some/module/id")`. | ||
| The second way to invoke `install` is to omit the module identifier and pass an anonymous module factory function: | ||
| ```js | ||
| install(function(require) { | ||
| // Code that uses require goes here. | ||
| install(function(require) { | ||
| // Code that uses require goes here. | ||
| // For example: | ||
| require("some/module/id").setImmediate(function() { | ||
| console.log("setImmediate fired"); | ||
| }); | ||
| // For example: | ||
| require("some/module/id").setImmediate(function() { | ||
| console.log("setImmediate fired"); | ||
| }); | ||
| }); | ||
| ``` | ||
| Anonymous modules are executed in order of installation, as soon as their requirements have been installed. Note that such modules do not have exports objects, because anonymous modules cannot be required. | ||
@@ -56,7 +56,8 @@ | ||
| If a named module has no requirements and does not need its own scope, the following shorthand can be used to install the module: | ||
| install("simple/module", { exports: { | ||
| one: 1, | ||
| two: 2, | ||
| buckle: "my shoe" | ||
| }}); | ||
| ```js | ||
| install("simple/module", { exports: { | ||
| one: 1, | ||
| two: 2, | ||
| buckle: "my shoe" | ||
| }}); | ||
| ``` |
Fixed alerts
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Improved metrics
- Dependency count
0
-100%- Number of lines in readme file
62
1.64%- Number of low supply chain risk alerts
2
-50%- Number of medium supply chain risk alerts
1
-50%Worsened metrics
- Total package byte prevSize
53687
-13.09%- Dev dependency count
1
Infinity%- Lines of code
436
-37.54%No dependency changes