module-deps
Advanced tools
module-deps - npm Package Compare versions
| var parser = require('../'); | ||
| var test = require('tap').test; | ||
| var JSONStream = require('JSONStream'); | ||
| var path = require('path'); | ||
| test('circular entry', function (t) { | ||
| t.plan(1); | ||
| var p = parser(); | ||
| p.end(path.join(__dirname, '/circular_entry/app')); | ||
| p.on('error', t.fail.bind(t)); | ||
| p.pipe(JSONStream.stringify()).pipe(process.stdout); | ||
| }); |
| var step1 = require('./step1'); |
| var index = require('./index'); |
+6
-0
@@ -5,2 +5,8 @@ # module-deps Change Log | ||
| ## 6.0.2 - 2018-03-28 | ||
| * Fix missing 'file' event when file has a syntax error [#146](https://github.com/browserify/module-deps/pull/146) | ||
| ## 6.0.1 - 2018-03-27 | ||
| * Fix crash when file has a transform and a syntax error [#145](https://github.com/browserify/module-deps/pull/145) | ||
| ## 6.0.0 - 2018-02-07 | ||
@@ -7,0 +13,0 @@ * Ignore package.json files that do not contain JSON objects [#142](https://github.com/browserify/module-deps/pull/142) |
+4
-5
@@ -420,3 +420,4 @@ var fs = require('fs'); | ||
| var src = body.toString('utf8'); | ||
| var deps = getDeps(file, src); | ||
| try { var deps = getDeps(file, src); } | ||
| catch (err) { cb(err); } | ||
| if (deps) { | ||
@@ -438,3 +439,2 @@ cb(null, { | ||
| var deps = rec.noparse ? [] : self.parseDeps(file, src); | ||
| if (!deps) return; | ||
| // dependencies emitted by transforms | ||
@@ -509,6 +509,5 @@ if (self._transformDeps[file]) deps = deps.concat(self._transformDeps[file]); | ||
| var message = ex && ex.message ? ex.message : ex; | ||
| this.emit('error', new Error( | ||
| throw new Error( | ||
| 'Parsing file ' + file + ': ' + message | ||
| )); | ||
| return; | ||
| ); | ||
| } | ||
@@ -515,0 +514,0 @@ return deps; |
+1
-1
| { | ||
| "name": "module-deps", | ||
| "version": "6.0.1", | ||
| "version": "6.0.2", | ||
| "description": "walk the dependency graph to generate json output that can be fed into browser-pack", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
+6
-2
@@ -9,3 +9,4 @@ var mdeps = require('../'); | ||
| test('syntax error', function (t) { | ||
| t.plan(1); | ||
| t.plan(2); | ||
| var input = path.join(__dirname, '/files/syntax_error.js'); | ||
| // ensure transformDeps functionality does not break when parse errors happen | ||
@@ -16,6 +17,9 @@ // see https://github.com/browserify/module-deps/commit/9fe46d5#commitcomment-28273437 | ||
| }); | ||
| p.on('file', function (file) { | ||
| t.equal(file, input, 'should emit a file event even if there was an error'); | ||
| }); | ||
| p.on('error', function (err) { | ||
| t.ok(err); | ||
| }); | ||
| p.end(path.join(__dirname, '/files/syntax_error.js')); | ||
| p.end(input); | ||
| }); |
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 5 instances in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
AI-detected potential code anomaly
Supply chain riskAI has identified unusual behaviors that may pose a security risk.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 5 instances in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
AI-detected potential code anomaly
Supply chain riskAI has identified unusual behaviors that may pose a security risk.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
81725
1.05%- Number of package files
116
2.65%- Lines of code
2148
0.75%