knowns - npm Package Compare versions

Comparing version 0.15.0 to 0.15.1

bin/knowns.js

@@ -7,3 +7,18 @@ #!/usr/bin/env node
 const fs = require("fs");
+const Module = require("module");
 
+function uniq(values) {
+  return [...new Set(values)];
+}
+
+function resolveFromPackageDir(pkgDir, ext) {
+  for (const name of [`knowns${ext}`, "knowns"]) {
+    const candidate = path.join(pkgDir, name);
+    if (fs.existsSync(candidate)) {
+      return candidate;
+    }
+  }
+  return null;
+}
+
 function getBinaryPath() {
@@ -35,35 +50,35 @@ const platform = os.platform();
   const ext = platform === "win32" ? ".exe" : "";
+  const pkgParts = pkgName.split("/");
 
-  // Try to find in node_modules (installed as optionalDependency)
-  const candidates = [
-    // npm/pnpm standard layout
-    path.join(__dirname, "..", "node_modules", pkgName, `knowns${ext}`),
-    // pnpm hoisted
-    path.join(__dirname, "..", "..", pkgName, `knowns${ext}`),
-    // npm hoisted
-    path.join(
-      __dirname,
-      "..",
-      "..",
-      "..",
-      "node_modules",
-      pkgName,
-      `knowns${ext}`
-    ),
-    // Global install
-    path.join(__dirname, "..", "..", pkgName, `knowns${ext}`),
-  ];
+  const packageDirs = uniq([
+    path.resolve(__dirname, "..", "node_modules", ...pkgParts),
+    path.resolve(__dirname, "..", "..", ...pkgParts),
+    path.resolve(__dirname, "..", "..", "node_modules", ...pkgParts),
+    path.resolve(__dirname, "..", "..", "..", "node_modules", ...pkgParts),
+    ...module.paths.map((base) => path.join(base, ...pkgParts)),
+    ...Module.globalPaths.map((base) => path.join(base, ...pkgParts)),
+  ]);
 
-  for (const candidate of candidates) {
-    if (fs.existsSync(candidate)) {
-      return candidate;
+  for (const pkgDir of packageDirs) {
+    const resolved = resolveFromPackageDir(pkgDir, ext);
+    if (resolved) {
+      return resolved;
     }
   }
 
-  // Try require.resolve as last resort
+  for (const base of uniq([__dirname, process.cwd(), ...module.paths, ...Module.globalPaths])) {
+    try {
+      const pkgJson = require.resolve(`${pkgName}/package.json`, { paths: [base] });
+      const resolved = resolveFromPackageDir(path.dirname(pkgJson), ext);
+      if (resolved) {
+        return resolved;
+      }
+    } catch {}
+  }
+
   try {
-    const pkgDir = path.dirname(require.resolve(`${pkgName}/package.json`));
-    const binary = path.join(pkgDir, `knowns${ext}`);
-    if (fs.existsSync(binary)) {
-      return binary;
+    const pkgJson = require.resolve(`${pkgName}/package.json`);
+    const resolved = resolveFromPackageDir(path.dirname(pkgJson), ext);
+    if (resolved) {
+      return resolved;
     }
@@ -70,0 +85,0 @@ } catch {}

package.json

 {
   "name": "knowns",
-  "version": "0.15.0",
+  "version": "0.15.1",
   "description": "AI-native project management CLI",
@@ -11,8 +11,8 @@ "bin": {
   "optionalDependencies": {
-    "@knowns/darwin-arm64": "0.15.0",
-    "@knowns/darwin-x64": "0.15.0",
-    "@knowns/linux-arm64": "0.15.0",
-    "@knowns/linux-x64": "0.15.0",
-    "@knowns/win-arm64": "0.15.0",
-    "@knowns/win-x64": "0.15.0"
+    "@knowns/darwin-arm64": "0.15.1",
+    "@knowns/darwin-x64": "0.15.1",
+    "@knowns/linux-arm64": "0.15.1",
+    "@knowns/linux-x64": "0.15.1",
+    "@knowns/win-arm64": "0.15.1",
+    "@knowns/win-x64": "0.15.1"
   },
@@ -19,0 +19,0 @@ "license": "MIT",

New alerts

Deprecated

Maintenance

The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

16306

3.89%

Lines of code

90

15.38%

Number of medium supply chain risk alerts

1

-50%

Worsened metrics

Number of medium maintenance alerts

1

Infinity%

Number of low supply chain risk alerts

3

50%

No dependency changes