lavamoat-tofu - npm Package Compare versions

Comparing version 7.2.1 to 7.2.2

CHANGELOG.md

 # Changelog
 
+## [7.2.2](https://github.com/LavaMoat/LavaMoat/compare/lavamoat-tofu-v7.2.1...lavamoat-tofu-v7.2.2) (2024-02-29)
+
+
+### Bug Fixes
+
+* **tofu:** fix logic error in inspectEsmImports ([4c50878](https://github.com/LavaMoat/LavaMoat/commit/4c508782be9035c41a32712dc2039b95c8a6bc06))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * peerDependencies
+    * lavamoat-core bumped from ^15.2.0 to ^15.2.1
+
 ## [7.2.1](https://github.com/LavaMoat/LavaMoat/compare/lavamoat-tofu-v7.2.0...lavamoat-tofu-v7.2.1) (2024-02-29)
@@ -4,0 +18,0 @@

package.json

 {
   "name": "lavamoat-tofu",
-  "version": "7.2.1",
+  "version": "7.2.2",
   "description": "This is the TOFU (trust-on-first-use) static analysis tool used by LavaMoat to automatically generate useable config",
@@ -29,8 +29,8 @@ "repository": {
   "peerDependencies": {
-    "lavamoat-core": "^15.2.0"
+    "lavamoat-core": "^15.2.1"
   },
   "dependencies": {
-    "@babel/parser": "7.23.9",
-    "@babel/traverse": "7.23.9",
-    "@babel/types": "7.23.9",
+    "@babel/parser": "7.24.0",
+    "@babel/traverse": "7.24.0",
+    "@babel/types": "7.24.0",
     "@types/babel__traverse": "7.20.5",
@@ -37,0 +37,0 @@ "type-fest": "4.10.2"

src/inspectSource.js

@@ -184,2 +184,3 @@ const { parse } = require('@babel/parser')
 function inspectEsmImports(ast, packagesToInspect) {
+  const shouldInspectAll = !packagesToInspect
   const pkgsToInspect = new Set(packagesToInspect)
@@ -199,7 +200,3 @@
 
-    if (
-      importSource &&
-      ((pkgsToInspect.size && pkgsToInspect.has(importSource)) ||
-        !pkgsToInspect.size)
-    ) {
+    if (importSource && (shouldInspectAll || pkgsToInspect.has(importSource))) {
       esmImports.add(importSource)
@@ -206,0 +203,0 @@ }

test/inspectEsmImports.spec.js

@@ -51,2 +51,14 @@ const test = require('ava')
 
+test('esm - when searching among zero elements, find zero elements', (t) => {
+  const ast = parse(
+    `
+  import { stuff } from './stuff.mjs';
+  import a from 'a';
+  `,
+    { sourceType: 'module' }
+  )
+  const actual = inspectEsmImports(ast, [])
+  t.is(actual.length, 0)
+})
+
 function testInspect(label, opts, fn, expected) {
@@ -53,0 +65,0 @@ test(label, (t) => {

test/inspectImports.spec.js

@@ -125,2 +125,14 @@ const test = require('ava')
 
+test('cjs - when searching among zero elements, find zero elements', (t) => {
+  const ast = parse(
+    `
+  require('./stuff')
+  require('a')
+  `,
+    { sourceType: 'script' }
+  )
+  const { cjsImports: actual } = inspectImports(ast, [])
+  t.is(actual.length, 0)
+})
+
 function testInspect(label, opts, fn, expectedResultObj) {
@@ -127,0 +139,0 @@ test(label, (t) => {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

224735

increased by0.43%

Lines of code

7329

increased by0.26%

Number of medium supply chain risk alerts

0

decreased by-100%

Dependency changes

• + Added@babel/parser@7.24.0(transitive)

• + Added@babel/traverse@7.24.0(transitive)

• + Added@babel/types@7.24.0(transitive)

• - Removed@babel/parser@7.23.9(transitive)

• - Removed@babel/traverse@7.23.9(transitive)

• - Removed@babel/types@7.23.9(transitive)

• Updated@babel/parser@7.24.0

• Updated@babel/traverse@7.24.0

• Updated@babel/types@7.24.0