machinepack-process - npm Package Compare versions

Comparing version 4.0.0 to 4.0.1

lib/escape-as-command-line-opt.js

@@ -61,9 +61,4 @@ module.exports = {
 
-    // Import `lodash`.
     var _ = require('@sailshq/lodash');
 
-    // Import `machinepack-json`.
-    var MPJSON = require('machinepack-json');
-
-
     // First, determine the string to escape.
@@ -79,3 +74,49 @@ var stringToEscape;
       try {
-        stringToEscape = MPJSON.stringifySafe({value:inputs.value}).execSync();
+        // This was modified by @mikermcneil from @isaacs' json-stringify-safe
+        // (see https://github.com/isaacs/json-stringify-safe/commit/02cfafd45f06d076ac4bf0dd28be6738a07a72f9#diff-c3fcfbed30e93682746088e2ce1a4a24)
+        function serializer() {
+          var stack = [];
+          var keys = [];
+
+          // Function to replace circular references with a string describing the reference.
+          // Used by the custom stringify function below.
+          var cycleReplacer = function(key, value) {
+            if (stack[0] === value) {
+              return '[Circular ~]';
+            }
+            return '[Circular ~.' + keys.slice(0, stack.indexOf(value)).join('.') + ']';
+          };
+
+          // Return a custom stringify function to be used as the second argument
+          // to the native JSON.stringify.
+          return function(key, value) {
+            if (stack.length > 0) {
+              var thisPos = stack.indexOf(this);
+              ~thisPos ? stack.splice(thisPos + 1) : stack.push(this);
+              ~thisPos ? keys.splice(thisPos, Infinity, key) : keys.push(key);
+              if (~stack.indexOf(value)) {
+                value = cycleReplacer.call(this, key, value);
+              }
+            }
+            else {
+              stack.push(value);
+            }
+
+            // Do some advanced serialization
+            if (_.isError(value)){
+              value = value.stack;
+            }
+            else if (_.isRegExp(value)){
+              value = value.toString();
+            }
+            else if (_.isFunction(value)){
+              value = value.toString();
+            }
+
+            return value;
+          };
+        }
+
+        // Serialize the string.
+        stringToEscape = JSON.stringify(inputs.value, serializer());
       } catch (e) {
@@ -82,0 +123,0 @@ // If we couldn't stringify the value, exit through the `couldNotSerialize` exit.

lib/open-browser.js

@@ -25,3 +25,2 @@ module.exports = {
 
-    // Import `open` and `openBrowserAndNavigateToUrl`.
     var openBrowserAndNavigateToUrl = require('opn');
@@ -32,3 +31,2 @@
 
-    // Return through the `success` exit.
     return exits.success();
@@ -35,0 +33,0 @@ }

package.json

 {
   "name": "machinepack-process",
-  "version": "4.0.0",
+  "version": "4.0.1",
   "description": "Work with child procs and the running process.",
@@ -20,3 +20,2 @@ "scripts": {
     "machine": "^15.0.0-23",
-    "machinepack-json": "^2.0.0",
     "opn": "5.3.0"
@@ -23,0 +22,0 @@ },

New alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

52725

2.86%

Dependency count

3

-25%

Lines of code

739

5.12%

Worsened metrics

Number of low supply chain risk alerts

14

7.69%

Number of medium supply chain risk alerts

3

50%

Dependency changes

• - Removed

  machinepack-json@^2.0.0

• - Removed

  convert-to-ecmascript-compatible-varname@0.1.4
  (transitive)

• - Removed

  debug@3.1.0
  (transitive)

• - Removed

  lodash@2.4.23.8.0
  (transitive)

• - Removed

  lodash.iserror@3.1.1
  (transitive)

• - Removed

  lodash.isfunction@3.0.8
  (transitive)

• - Removed

  lodash.isregexp@3.0.5
  (transitive)

• - Removed

  machine@12.1.1
  (transitive)

• - Removed

  machinepack-json@2.0.1
  (transitive)

• - Removed

  ms@2.0.0
  (transitive)

• - Removed

  object-hash@0.3.0
  (transitive)

• - Removed

  rttc@9.3.4
  (transitive)

• - Removed

  switchback@2.0.0
  (transitive)