libnpmexec - npm Package Compare versions

Comparing version 5.0.0-pre.4 to 5.0.0-pre.5

lib/file-exists.js

 const { resolve } = require('path')
-const fs = require('@npmcli/fs')
+const { stat } = require('fs/promises')
 const walkUp = require('walk-up-path')
@@ -7,3 +7,3 @@
   try {
-    const res = await fs.stat(file)
+    const res = await stat(file)
     return res.isFile()
@@ -10,0 +10,0 @@ } catch {

lib/index.js

 'use strict'
 
+const { mkdir } = require('fs/promises')
 const { promisify } = require('util')
@@ -9,3 +10,2 @@
 const log = require('proc-log')
-const mkdirp = require('mkdirp-infer-owner')
 const npa = require('npm-package-arg')
@@ -42,20 +42,18 @@ const npmlog = require('npmlog')
 const missingFromTree = async ({ spec, tree, flatOptions }) => {
-  if (spec.registry && (spec.rawSpec === '' || spec.type !== 'tag')) {
+  if (spec.registry && spec.type !== 'tag') {
     // registry spec that is not a specific tag.
     const nodesBySpec = tree.inventory.query('packageName', spec.name)
     for (const node of nodesBySpec) {
-      if (spec.type === 'tag') {
-        // package requested by name only
+      // package requested by name only (or name@*)
+      if (spec.rawSpec === '*') {
         return { node }
-      } else if (spec.type === 'version') {
-        // package requested by specific version
-        if (node.pkgid === spec.raw) {
-          return { node }
-        }
-      } else {
-        // package requested by version range, only remaining registry type
-        if (semver.satisfies(node.package.version, spec.rawSpec)) {
-          return { node }
-        }
       }
+      // package requested by specific version
+      if (spec.type === 'version' && (node.pkgid === spec.raw)) {
+        return { node }
+      }
+      // package requested by version range, only remaining registry type
+      if (semver.satisfies(node.package.version, spec.rawSpec)) {
+        return { node }
+      }
     }
@@ -210,3 +208,3 @@ const manifest = await getManifest(spec, flatOptions)
     const installDir = resolve(npxCache, hash)
-    await mkdirp(installDir)
+    await mkdir(installDir, { recursive: true })
     const npxArb = new Arborist({
@@ -213,0 +211,0 @@ ...flatOptions,

package.json

 {
   "name": "libnpmexec",
-  "version": "5.0.0-pre.4",
+  "version": "5.0.0-pre.5",
   "files": [
@@ -53,5 +53,5 @@ "bin/",
   "devDependencies": {
-    "@npmcli/eslint-config": "^3.1.0",
-    "@npmcli/template-oss": "4.5.0",
-    "bin-links": "^3.0.3",
+    "@npmcli/eslint-config": "^4.0.0",
+    "@npmcli/template-oss": "4.6.2",
+    "bin-links": "^4.0.1",
     "minify-registry-metadata": "^2.2.0",
@@ -62,14 +62,12 @@ "mkdirp": "^1.0.4",
   "dependencies": {
-    "@npmcli/arborist": "^6.0.0-pre.4",
+    "@npmcli/arborist": "^6.0.0-pre.5",
     "@npmcli/ci-detect": "^3.0.0",
-    "@npmcli/fs": "^2.1.1",
-    "@npmcli/run-script": "^4.2.0",
+    "@npmcli/run-script": "^5.0.0",
     "chalk": "^4.1.0",
-    "mkdirp-infer-owner": "^2.0.0",
-    "npm-package-arg": "^9.0.1",
-    "npmlog": "^6.0.2",
-    "pacote": "^14.0.0",
-    "proc-log": "^2.0.0",
+    "npm-package-arg": "^10.0.0",
+    "npmlog": "^7.0.1",
+    "pacote": "^15.0.2",
+    "proc-log": "^3.0.0",
     "read": "^1.0.7",
-    "read-package-json-fast": "^2.0.2",
+    "read-package-json-fast": "^3.0.1",
     "semver": "^7.3.7",
@@ -80,5 +78,5 @@ "walk-up-path": "^1.0.0"
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.5.0",
+    "version": "4.6.2",
     "content": "../../scripts/template-oss/index.js"
   }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Dependency count

12

decreased by-14.29%

Worsened metrics

Total package byte prevSize

16399

decreased by-0.62%

Lines of code

358

decreased by-0.56%

Number of low supply chain risk alerts

3

increased by200%

Dependency changes

• + Added@npmcli/run-script@5.1.1(transitive)

• - Removed@npmcli/fs@^2.1.1

• - Removedmkdirp-infer-owner@^2.0.0

• - Removed@npmcli/git@3.0.2(transitive)

• - Removed@npmcli/installed-package-contents@1.0.7(transitive)

• - Removed@npmcli/node-gyp@2.0.0(transitive)

• - Removed@npmcli/promise-spawn@3.0.0(transitive)

• - Removed@npmcli/run-script@4.2.1(transitive)

• - Removedbuiltins@5.1.0(transitive)

• - Removedhosted-git-info@5.2.1(transitive)

• - Removedjson-parse-even-better-errors@2.3.1(transitive)

• - Removedmkdirp-infer-owner@2.0.0(transitive)

• - Removednormalize-package-data@4.0.1(transitive)

• - Removednpm-bundled@1.1.2(transitive)

• - Removednpm-install-checks@5.0.0(transitive)

• - Removednpm-normalize-package-bin@1.0.12.0.0(transitive)

• - Removednpm-package-arg@9.1.2(transitive)

• - Removednpm-pick-manifest@7.0.2(transitive)

• - Removednpm-registry-fetch@13.3.1(transitive)

• - Removedpacote@14.0.0(transitive)

• - Removedproc-log@2.0.1(transitive)

• - Removedread-package-json@5.0.2(transitive)

• - Removedread-package-json-fast@2.0.3(transitive)

• - Removedvalidate-npm-package-name@4.0.0(transitive)

• Updated@npmcli/arborist@^6.0.0-pre.5

• Updated@npmcli/run-script@^5.0.0

• Updatednpm-package-arg@^10.0.0

• Updatednpmlog@^7.0.1

• Updatedpacote@^15.0.2

• Updatedproc-log@^3.0.0

• Updatedread-package-json-fast@^3.0.1