load-plugin
Advanced tools
Comparing version 2.3.1 to 3.0.0
53
index.js
@@ -6,3 +6,3 @@ 'use strict' | ||
var resolve = require('resolve-from').silent | ||
var npmPrefix = require('npm-prefix')() | ||
var readNpmConfig = require('libnpmconfig').read | ||
@@ -13,21 +13,49 @@ module.exports = loadPlugin | ||
var electron = process.versions.electron !== undefined | ||
var windows = process.platform === 'win32' | ||
var argv = process.argv[1] || /* istanbul ignore next */ '' | ||
var nvm = process.env.NVM_BIN | ||
var appData = process.env.APPDATA | ||
/* istanbul ignore next */ | ||
var globalsLibrary = windows ? '' : 'lib' | ||
var builtinNpmConfig | ||
// The prefix config defaults to the location where node is installed. | ||
// On Windows, this is in a place called `%AppData%`, which we have to | ||
// pass to `libnpmconfig` explicitly: | ||
/* istanbul ignore next */ | ||
if (windows && appData) { | ||
builtinNpmConfig = {prefix: path.join(appData, 'npm')} | ||
} | ||
var npmPrefix = readNpmConfig(null, builtinNpmConfig).prefix | ||
// If there is no prefix defined, use the defaults | ||
// See: <https://github.com/eush77/npm-prefix/blob/master/index.js> | ||
/* istanbul ignore next */ | ||
if (!npmPrefix) { | ||
npmPrefix = windows | ||
? path.dirname(process.execPath) | ||
: path.resolve(process.execPath, '../..') | ||
} | ||
var globally = electron || argv.indexOf(npmPrefix) === 0 | ||
var windows = process.platform === 'win32' | ||
var prefix = windows ? /* istanbul ignore next */ '' : 'lib' | ||
var globals = path.resolve(npmPrefix, prefix, 'node_modules') | ||
var globals = path.resolve(npmPrefix, globalsLibrary, 'node_modules') | ||
// If we’re in Electron, we’re running in a modified Node that cannot really | ||
// install global node modules. To find the actual modules, the user has to | ||
// either set `prefix` in their `.npmrc` (which is picked up by `npm-prefix`). | ||
// install global node modules. | ||
// To find the actual modules, the user has to set `prefix` somewhere in an | ||
// `.npmrc` (which is picked up by `libnpmconfig`). | ||
// Most people don’t do that, and some use NVM instead to manage different | ||
// versions of Node. Luckily NVM leaks some environment variables that we can | ||
// pick up on to try and detect the actual modules. | ||
// versions of Node. | ||
// Luckily NVM leaks some environment variables that we can pick up on to try | ||
// and detect the actual modules. | ||
/* istanbul ignore next */ | ||
if (electron && nvm && !fs.existsSync(globals)) { | ||
globals = path.resolve(nvm, '..', prefix, 'node_modules') | ||
globals = path.resolve(nvm, '..', globalsLibrary, 'node_modules') | ||
} | ||
// Load the plug-in found using `resolvePlugin`. | ||
// Load the plugin found using `resolvePlugin`. | ||
function loadPlugin(name, options) { | ||
@@ -85,4 +113,5 @@ return require(resolvePlugin(name, options) || name) | ||
// Let’s keep the algorithm simple. No need to care if this is a | ||
// “valid” scope (I think?). But we do check for the slash. | ||
// Let’s keep the algorithm simple. | ||
// No need to care if this is a “valid” scope (I think?). | ||
// But we do check for the slash. | ||
if (slash !== -1) { | ||
@@ -89,0 +118,0 @@ scope = name.slice(0, slash + 1) |
{ | ||
"name": "load-plugin", | ||
"version": "2.3.1", | ||
"version": "3.0.0", | ||
"description": "Load a submodule, plugin, or file", | ||
@@ -14,2 +14,6 @@ "license": "MIT", | ||
"bugs": "https://github.com/wooorm/load-plugin/issues", | ||
"funding": { | ||
"type": "github", | ||
"url": "https://github.com/sponsors/wooorm" | ||
}, | ||
"author": "Titus Wormer <tituswormer@gmail.com> (https://wooorm.com)", | ||
@@ -26,13 +30,13 @@ "contributors": [ | ||
"dependencies": { | ||
"npm-prefix": "^1.2.0", | ||
"libnpmconfig": "^1.0.0", | ||
"resolve-from": "^5.0.0" | ||
}, | ||
"devDependencies": { | ||
"nyc": "^14.0.0", | ||
"prettier": "^1.12.0", | ||
"remark-cli": "^6.0.0", | ||
"nyc": "^15.0.0", | ||
"prettier": "^1.0.0", | ||
"remark-cli": "^7.0.0", | ||
"remark-lint": "^6.0.0", | ||
"remark-preset-wooorm": "^4.0.0", | ||
"remark-preset-wooorm": "^6.0.0", | ||
"tape": "^4.0.0", | ||
"xo": "^0.24.0" | ||
"xo": "^0.25.0" | ||
}, | ||
@@ -39,0 +43,0 @@ "scripts": { |
@@ -11,7 +11,7 @@ # load-plugin | ||
## Installation | ||
## Install | ||
[npm][]: | ||
```bash | ||
```sh | ||
npm install load-plugin | ||
@@ -23,3 +23,3 @@ ``` | ||
## Usage | ||
## Use | ||
@@ -26,0 +26,0 @@ Say we’re in this project (with dependencies installed): |
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
10242
125
5
+ Addedlibnpmconfig@^1.0.0
+ Addedfiggy-pudding@3.5.2(transitive)
+ Addedfind-up@3.0.0(transitive)
+ Addedlibnpmconfig@1.2.1(transitive)
+ Addedlocate-path@3.0.0(transitive)
+ Addedp-limit@2.3.0(transitive)
+ Addedp-locate@3.0.0(transitive)
+ Addedp-try@2.2.0(transitive)
+ Addedpath-exists@3.0.0(transitive)
- Removednpm-prefix@^1.2.0
- Removeddeep-extend@0.6.0(transitive)
- Removedminimist@1.2.8(transitive)
- Removednpm-prefix@1.2.0(transitive)
- Removedos-homedir@1.0.2(transitive)
- Removedrc@1.2.8(transitive)
- Removedshellsubstitute@1.2.0(transitive)
- Removedstrip-json-comments@2.0.1(transitive)
- Removeduntildify@2.1.0(transitive)