load-plugin - npm Package Compare versions

Comparing version 2.3.1 to 3.0.0

index.js

@@ -6,3 +6,3 @@ 'use strict'
 var resolve = require('resolve-from').silent
-var npmPrefix = require('npm-prefix')()
+var readNpmConfig = require('libnpmconfig').read
 
@@ -13,21 +13,49 @@ module.exports = loadPlugin
 var electron = process.versions.electron !== undefined
+var windows = process.platform === 'win32'
+
 var argv = process.argv[1] || /* istanbul ignore next */ ''
 var nvm = process.env.NVM_BIN
+var appData = process.env.APPDATA
+
+/* istanbul ignore next */
+var globalsLibrary = windows ? '' : 'lib'
+
+var builtinNpmConfig
+
+// The prefix config defaults to the location where node is installed.
+// On Windows, this is in a place called `%AppData%`, which we have to
+// pass to `libnpmconfig` explicitly:
+/* istanbul ignore next */
+if (windows && appData) {
+  builtinNpmConfig = {prefix: path.join(appData, 'npm')}
+}
+
+var npmPrefix = readNpmConfig(null, builtinNpmConfig).prefix
+
+// If there is no prefix defined, use the defaults
+// See: <https://github.com/eush77/npm-prefix/blob/master/index.js>
+/* istanbul ignore next */
+if (!npmPrefix) {
+  npmPrefix = windows
+    ? path.dirname(process.execPath)
+    : path.resolve(process.execPath, '../..')
+}
+
 var globally = electron || argv.indexOf(npmPrefix) === 0
-var windows = process.platform === 'win32'
-var prefix = windows ? /* istanbul ignore next */ '' : 'lib'
-var globals = path.resolve(npmPrefix, prefix, 'node_modules')
+var globals = path.resolve(npmPrefix, globalsLibrary, 'node_modules')
 
 // If we’re in Electron, we’re running in a modified Node that cannot really
-// install global node modules.  To find the actual modules, the user has to
-// either set `prefix` in their `.npmrc` (which is picked up by `npm-prefix`).
+// install global node modules.
+// To find the actual modules, the user has to set `prefix` somewhere in an
+// `.npmrc` (which is picked up by `libnpmconfig`).
 // Most people don’t do that, and some use NVM instead to manage different
-// versions of Node.  Luckily NVM leaks some environment variables that we can
-// pick up on to try and detect the actual modules.
+// versions of Node.
+// Luckily NVM leaks some environment variables that we can pick up on to try
+// and detect the actual modules.
 /* istanbul ignore next */
 if (electron && nvm && !fs.existsSync(globals)) {
-  globals = path.resolve(nvm, '..', prefix, 'node_modules')
+  globals = path.resolve(nvm, '..', globalsLibrary, 'node_modules')
 }
 
-// Load the plug-in found using `resolvePlugin`.
+// Load the plugin found using `resolvePlugin`.
 function loadPlugin(name, options) {
@@ -85,4 +113,5 @@ return require(resolvePlugin(name, options) || name)
 
-        // Let’s keep the algorithm simple.  No need to care if this is a
-        // “valid” scope (I think?).  But we do check for the slash.
+        // Let’s keep the algorithm simple.
+        // No need to care if this is a “valid” scope (I think?).
+        // But we do check for the slash.
         if (slash !== -1) {
@@ -89,0 +118,0 @@ scope = name.slice(0, slash + 1)

package.json

 {
   "name": "load-plugin",
-  "version": "2.3.1",
+  "version": "3.0.0",
   "description": "Load a submodule, plugin, or file",
@@ -14,2 +14,6 @@ "license": "MIT",
   "bugs": "https://github.com/wooorm/load-plugin/issues",
+  "funding": {
+    "type": "github",
+    "url": "https://github.com/sponsors/wooorm"
+  },
   "author": "Titus Wormer <tituswormer@gmail.com> (https://wooorm.com)",
@@ -26,13 +30,13 @@ "contributors": [
   "dependencies": {
-    "npm-prefix": "^1.2.0",
+    "libnpmconfig": "^1.0.0",
     "resolve-from": "^5.0.0"
   },
   "devDependencies": {
-    "nyc": "^14.0.0",
-    "prettier": "^1.12.0",
-    "remark-cli": "^6.0.0",
+    "nyc": "^15.0.0",
+    "prettier": "^1.0.0",
+    "remark-cli": "^7.0.0",
     "remark-lint": "^6.0.0",
-    "remark-preset-wooorm": "^4.0.0",
+    "remark-preset-wooorm": "^6.0.0",
     "tape": "^4.0.0",
-    "xo": "^0.24.0"
+    "xo": "^0.25.0"
   },
@@ -39,0 +43,0 @@ "scripts": {

readme.md

@@ -11,7 +11,7 @@ # load-plugin
 
-## Installation
+## Install
 
 [npm][]:
 
-```bash
+```sh
 npm install load-plugin
@@ -23,3 +23,3 @@ ```
 
-## Usage
+## Use
 
@@ -26,0 +26,0 @@ Say we’re in this project (with dependencies installed):

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

10242

increased by8.65%

Lines of code

125

increased by21.36%

Worsened metrics

Number of low supply chain risk alerts

5

increased by25%

Dependency changes

• + Addedlibnpmconfig@^1.0.0

• + Addedfiggy-pudding@3.5.2(transitive)

• + Addedfind-up@3.0.0(transitive)

• + Addedlibnpmconfig@1.2.1(transitive)

• + Addedlocate-path@3.0.0(transitive)

• + Addedp-limit@2.3.0(transitive)

• + Addedp-locate@3.0.0(transitive)

• + Addedp-try@2.2.0(transitive)

• + Addedpath-exists@3.0.0(transitive)

• - Removednpm-prefix@^1.2.0

• - Removeddeep-extend@0.6.0(transitive)

• - Removedminimist@1.2.8(transitive)

• - Removednpm-prefix@1.2.0(transitive)

• - Removedos-homedir@1.0.2(transitive)

• - Removedrc@1.2.8(transitive)

• - Removedshellsubstitute@1.2.0(transitive)

• - Removedstrip-json-comments@2.0.1(transitive)

• - Removeduntildify@2.1.0(transitive)